Skills
skills/jeo-tech-ai/oh-my-gods/opencontext/Gen Agent Trust Hub

opencontext

Warn

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @aicontextlab/cli package via npm or its execution through npx, which involves downloading and running code from an external repository.\n- [COMMAND_EXECUTION]: The skill uses the Bash tool to perform operations such as initializing the OpenContext environment, managing local database files in the user's home directory (~/.opencontext), and building search indexes.\n- [DATA_EXFILTRATION]: The skill configures API keys for embedding services and communicates with external providers such as OpenAI and local LM Studio instances for context retrieval tasks.\n- [PROMPT_INJECTION]: The skill provides an indirect prompt injection surface (Category 8).\n
  • Ingestion points: Data enters the agent's context through document creation and search tools such as oc search and oc_create_doc.\n
  • Boundary markers: The skill lacks explicit markers or instructions to isolate ingested document content from agent instructions.\n
  • Capability inventory: Retrieved data is processed by an agent with Bash, Read, and Write tool access, creating a potential path for instruction execution from untrusted content.\n
  • Sanitization: No sanitization or validation mechanisms are defined for the content stored and retrieved from the persistent context database.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 20, 2026, 07:00 AM