integrate-context-matic
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of third-party SDKs and packages (e.g., via
npm install,pip install) based on information retrieved from thecontext-maticMCP server. These dependencies are not verified against a trusted source within the skill's instructions. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface through ingestion of data from the
context-maticMCP server via thefetch_apiandasktools. * Ingestion points:fetch_api,ask,model_search,endpoint_search(SKILL.md). * Boundary markers: Absent; no instructions provided to treat external guidance as untrusted. * Capability inventory: Package installation commands (npm,pip,go), workspace modifications (add_guidelines,add_skills). * Sanitization: Absent. - [DATA_EXFILTRATION]: The skill references sensitive file paths, specifically
.envfiles and secrets managers, to verify theauth_configuredmilestone during API integration.
Audit Metadata