strands-context-manager
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, suspicious remote code execution, or unauthorized network activity were detected. The skill originates from a known organization (aws-samples).
- [PROMPT_INJECTION]: The skill processes untrusted user messages to generate summaries. This was evaluated for indirect prompt injection risks, but the implementation is considered safe based on the following evidence:
- Ingestion points: Conversation messages are ingested via the agent.messages list in scripts/strands-context-manager.py.
- Boundary markers: The summarization prompt in scripts/strands-context-manager.py includes clear format requirements and explicit instructions to prevent the model from responding conversationally or using tools during the summary phase.
- Capability inventory: The script performs context management and LLM calls via the Strands SDK; it does not contain direct file system access, subprocess execution, or arbitrary network capabilities.
- Sanitization: The skill uses the 'Clean Agent Pattern,' creating a dedicated summarization agent without session persistence or hooks. This ensures that any malicious instructions in the conversation history cannot pollute the permanent session storage or execute unintended callbacks.
Audit Metadata