context-injector

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns detected. The skill performs localized data processing using internal core libraries.
  • [DATA_EXPOSURE]: The skill accesses local files provided via command-line arguments. It utilizes safe wrapper functions from the @agent/core library for file operations, which is a recommended practice for path validation and access control.
  • [INDIRECT_PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection because it reads external JSON and text files. It mitigates this risk as follows:
    • Ingestion points: Loading data via argv.data and argv.knowledge in src/index.ts.
    • Boundary markers: Structuring injected content within specific JSON keys (_context.injected_knowledge).
    • Capability inventory: Restricting actions to local file reads and writes using core wrappers.
    • Sanitization: Employing tier-guard utilities (validateInjection and scanForConfidentialMarkers) to prevent the exposure of sensitive markers in public-tier outputs.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 3, 2026, 06:24 PM