context-extraction
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill requires the agent to ingest data from external sources, specifically Crowdin JSONL fields (text, key, and context) and local source files, to generate ai_context values. This ingestion of untrusted content presents a risk of indirect prompt injection. 1. Ingestion points: Content is read from JSONL file fields and source code files referenced by path and line number within those JSONL files. 2. Boundary markers: The skill lacks explicit instructions for the agent to treat external strings as non-instructional data or to ignore embedded commands. 3. Capability inventory: The instructions imply the use of file reading and file writing capabilities (e.g., StrReplace or batch writing) to update the JSONL files. 4. Sanitization: While the skill includes a checklist for escaping characters to maintain JSON validity, it does not provide methods for sanitizing the semantic content of the ingested strings to prevent instruction hijacking.
- [NO_CODE]: The skill consists exclusively of markdown documentation and instructions for the agent; it does not contain any executable scripts, binaries, or source code files.
Audit Metadata