receive
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using the '!' prefix during its initialization to display the current date and check for the existence of the context directory.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection (Category 8).
- Ingestion points: The skill reads file content from /tmp/claude-ctx/ or user-defined paths to 'integrate context into current session understanding'.
- Boundary markers: There are no specific boundary markers or 'ignore embedded instructions' warnings provided to the agent when it reads the context files.
- Capability inventory: The skill allows the use of 'Bash' and 'Read' tools, which could be leveraged if the agent is tricked by malicious content in a context file.
- Sanitization: The skill does not perform any sanitization or validation of the text read from the files before presenting it to the agent, creating a risk if an attacker can write to the shared directory (especially since /tmp is often world-writable).
Audit Metadata