context-status
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill employs the Bash tool with restricted commands (ls, cat) to traverse the local filesystem and read log and state files.\n- [DATA_EXFILTRATION]: The skill accesses sensitive internal configuration files and session metadata located in the user's home directory (~/.claude/settings.json and ~/.claude/sessions/), which results in the exposure of tool-specific settings to the agent context.\n- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface (Category 8) as it reads and presents untrusted data from session logs and focus files.\n
- Ingestion points: Content is retrieved from the log/ directory and .context/current-focus.md.\n
- Boundary markers: No delimiters or instructions to ignore embedded commands are present in the processing of these files.\n
- Capability inventory: The skill uses Read, Glob, and restricted Bash tools to bring file contents into the agent's context.\n
- Sanitization: There is no sanitization or validation performed on the text read from local files before it is displayed.
Audit Metadata