context-analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The instructions are focused on project analysis and do not contain patterns for bypassing safety filters or overriding system instructions.
- [Data Exposure & Exfiltration] (SAFE): The skill accesses project metadata (package.json) and authentication configurations (lib/auth.ts) to understand logic flows. No external network operations (curl, wget, fetch) or data exfiltration patterns were found.
- [Indirect Prompt Injection] (LOW):
- Ingestion points: Processes any project files matching
**/*.{ts,vue,json,md}. - Boundary markers: None specified in the instructions to distinguish between code and potential embedded instructions.
- Capability inventory: Limited to file reading and symbol resolution; lacks high-risk capabilities like network access or shell execution.
- Sanitization: No explicit sanitization of file content is mentioned, posing a minor surface for indirect injection if the analyzer interprets comments as instructions.
- [Unverifiable Dependencies] (SAFE): No package installations or remote script downloads are performed.
- [Obfuscation] (SAFE): No encoded content, zero-width characters, or homoglyphs were detected.
Audit Metadata