context-tracking
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Comprehensive analysis of the skill's markdown files and logic revealed no malicious patterns, such as direct prompt injection, credential harvesting, or unauthorized data exfiltration.
- [COMMAND_EXECUTION]: The skill instructs the agent to utilize standard development tools like Git and Docker for workflow management. These commands are used for their intended productivity purposes and do not involve the execution of untrusted or dynamically generated code from external sources.
- [EXTERNAL_DOWNLOADS]: References to well-known services (Jira, GitHub, Figma) for task management and documentation are handled neutrally. No unverifiable or suspicious remote downloads were detected.
- [PROMPT_INJECTION]: An indirect prompt injection surface is present as the skill processes data from local state files and external Jira tasks. This is a common characteristic of context-tracking tools and is mitigated here by the implementation of structured JSON schemas and validation functions described in the reference documentation.
- Ingestion points: .aid/context.json, .aid/state.json, and data retrieved from Jira URLs.
- Boundary markers: Absent from the provided instruction templates.
- Capability inventory: Local file system read/write access, Git commit execution, and environment status monitoring via Docker.
- Sanitization: Achieved through the use of strictly defined JSON schemas and validation logic provided in the reference files.
Audit Metadata