context-loader
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell commands including ls and git ls-files for file discovery and size verification. These commands are used to manage token consumption and project structure analysis.
- [PROMPT_INJECTION]: The skill ingests content from external project files (e.g., package.json, conductor docs), which constitutes an indirect prompt injection surface. (1) Ingestion points: Local manifest files and markdown documentation. (2) Boundary markers: None specified in the instructions for separating file content. (3) Capability inventory: Access to run_shell_command and read_file. (4) Sanitization: No content validation or sanitization is specified for the data read from files. This risk is minimized by strict file-type priorities and a 15-file ingestion limit.
Audit Metadata