Skills
skills/athola/claude-night-market/context-map/Gen Agent Trust Hub

context-map

Warn

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes python3 and find to run local scripts (scanner.py) and modules (context_scanner). It dynamically modifies PYTHONPATH based on the results of a search within the current directory. This behavior allows for the execution of arbitrary code if the scanned project is malicious.- [PROMPT_INJECTION]: Vulnerability to indirect prompt injection (Category 8). The skill performs a comprehensive scan of the project, including environment variables, API routes, and source code dependencies, then feeds this data to the agent. Without boundary markers or sanitization, malicious content in the scanned files could manipulate the agent's behavior.\n
  • Ingestion points: Reads files and directory structures from the project root (SKILL.md).\n
  • Boundary markers: No delimiters or protective instructions are implemented.\n
  • Capability inventory: Executes shell commands and Python modules (SKILL.md).\n
  • Sanitization: No sanitization of the scanned data is mentioned.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 9, 2026, 07:38 AM