context-master
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses highly imperative instructions in SKILL.md to control the agent's behavior and output. Phrases such as 'Your exact next output MUST be' and 'MANDATORY FIRST STEP' are used to force the agent into a specific planning template, overriding standard conversational flow.
- [COMMAND_EXECUTION]: The skill includes Python utility scripts, create_subagent.py and generate_claude_md.py, designed to be executed by the agent. These scripts perform file system operations, including creating directories ('.claude/agents') and writing configuration files, to customize the agent's environment.
- [PROMPT_INJECTION]: The skill introduces a surface for Indirect Prompt Injection (Category 8) via its 'Thinking Subagents' architecture.
  - Ingestion points: Subagents use 'read', 'search', and 'web_search' tools to retrieve data from files and the internet.
  - Boundary markers: The subagent configuration templates in scripts/create_subagent.py do not define clear delimiters or instructions to ignore embedded commands in the data they process.
  - Capability inventory: Subagents (especially the 'tester' and 'deep_analyzer' types) are granted capabilities such as 'bash' execution and file 'write' access with 'high' autonomy.
  - Sanitization: There is no evidence of sanitization or filtering of external content before it is processed by the subagents' reasoning blocks.
Audit Metadata