rag-tracking
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to perform setup operations, such as initializing the context environment with 'ctx init' and copying template files into the local directory for tracking.\n- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'worktrunk' package (ctx) via the Homebrew package manager, which is an external tool used to facilitate long-term memory for the agent.\n- [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection as it is designed to read and process data from project files (COLLECTIONS.md and ISSUES.md) that may contain content from untrusted documents.\n
- Ingestion points: Local state files located in the .context/ directory.\n
- Boundary markers: No delimiters are defined in the templates to separate data from instructions.\n
- Capability inventory: The agent has access to Bash, Read, and Write tools, which allow for potential code execution or file modification based on ingested data.\n
- Sanitization: Content from tracked documents is recorded in plain text without sanitization or validation.
Audit Metadata