using-contextd
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access attempts were detected within the skill's instructions or metadata.
- [COMMAND_EXECUTION]: The skill references local utility commands, such as
curlfor health checks onlocalhost:9090andgit remotefor retrieving project identifiers. These are standard diagnostic and configuration operations relevant to the tool's functionality. - [PROMPT_INJECTION]: The skill facilitates the ingestion of project data and session history, creating a surface for indirect prompt injection.
- Ingestion points: Data enters the context via
semantic_search,repository_index, and memory retrieval tools. - Boundary markers: None explicitly defined in the markdown instructions.
- Capability inventory: File reading, semantic indexing, and persistent memory recording.
- Sanitization: The skill explicitly highlights that contextd v1.5+ performs strict input validation, including the rejection of directory traversal (
../), filtering of shell injection characters in glob patterns, and scrubbing of secrets from conversation histories.
Audit Metadata