arcblock-context
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests data from local Markdown files which could contain malicious instructions designed to influence the agent's behavior.
- Ingestion points: Documentation files loaded from project, user, or plugin directories as specified in the Workflow Step 3.
- Boundary markers: No explicit delimiters or warnings are used to separate loaded content from system instructions.
- Capability inventory: The skill performs file read operations and summarizes content for the user.
- Sanitization: There is no sanitization or validation of the file content before it is processed by the agent.
- Data Exposure (LOW): The skill accesses the local filesystem, including the user's home directory. While a static mapping is provided, there is a risk that the agent might interpret user-provided topics as arbitrary paths, potentially leading to the exposure of files outside the intended documentation directories.
Audit Metadata