codealive-context-engine

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it retrieves and displays content from external repositories.
  • Ingestion points: Code snippets and AI-synthesized explanations are ingested from the CodeAlive API in scripts/search.py, scripts/chat.py, and scripts/explore.py, and are then presented to the agent.
  • Boundary markers: While scripts/search.py uses textual headers (e.g., --- Result #idx ---), it lacks robust delimiters and explicit instructions telling the agent to disregard any commands embedded within the retrieved code.
  • Capability inventory: The skill can perform network requests to the vendor's API and interact with system credential managers via subprocess.run to manage API keys.
  • Sanitization: Content fetched from the remote API is rendered to the agent without sanitization or filtering to remove potentially malicious instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 07:10 AM