context-audit
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill uses Bash and standard tools (grep, ls, cat) to analyze local system files such as
~/.claude/projects/and~/.claude/settings.json. These operations are limited to the skill's stated purpose of auditing context usage. - DATA_EXPOSURE (SAFE): While the skill reads session JSONL files and configuration data, this data is used locally to generate a report for the user. No network exfiltration or transmission to external domains was detected.
- INDIRECT_PROMPT_INJECTION (LOW): The skill processes untrusted session logs and third-party skill metadata. However, it lacks capabilities that would allow an attacker to escalate privileges or perform dangerous actions through these logs. Boundary markers are absent, but the primary output is a structured report/score for the user.
- EXTERNAL_DOWNLOADS (SAFE): No remote dependencies or external scripts are downloaded or executed. All logic resides within the provided Markdown and referenced shell scripts.
Audit Metadata