opencontext

Warn

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: MEDIUM

EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires a global install of the NPM package @aicontextlab/cli, an external dependency from an unverified source.
  • [REMOTE_CODE_EXECUTION]: Installing via npm install and running via npx both download and execute remote code on the host. Unless a version is pinned, each invocation fetches whatever is currently published under the package name, so the code that runs can change between runs without any local change.
  • [COMMAND_EXECUTION]: The initialization command oc init modifies the user environment: it updates configuration files such as mcp.json (the MCP server configuration) and adds command scripts to directories such as ~/.claude/commands and ~/.cursor/commands.
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by indexing and retrieving document content through tools such as oc search and oc_manifest. Instructions embedded in indexed documents could be processed by the agent as if they were the user's, and the impact is elevated by the skill's access to powerful tools such as Bash and Write. No boundary markers or sanitization steps are documented to mitigate this risk.
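Because the audit flags both the unpinned npx execution and the writes to mcp.json, the check a practitioner would want is to diff the MCP configuration before and after running oc init and flag any server entry that launches an unpinned npm package. The following is an added example, not code from the audit or from the opencontext project. It assumes mcp.json uses the common {"mcpServers": {name: {command, args, env}}} layout; the before/after documents and the package names in them are constructed for illustration, and the exact entry oc init writes is not shown on the page.

```python
"""
Added example: review what an init step such as `oc init` changed in mcp.json
and flag MCP servers launched through npx without a pinned version.

Assumptions (not from the audit page):
  * mcp.json follows the {"mcpServers": {name: {command, args, env}}} layout.
  * BEFORE/AFTER below are constructed documents; the real entry written by
    oc init may differ in name, args and subcommands.
"""
import json
import re
from typing import Dict, List, Optional, Tuple

# npm package spec: optional @scope/, a name, optional @version-or-dist-tag
_PKG_RE = re.compile(r"^(@[^/@]+/)?[^/@]+(@(?P<version>[^@]+))?$")
_SEMVER_RE = re.compile(r"\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?")

# Constructed sample: a pinned server present before init, and an unpinned
# @aicontextlab/cli entry present after it (shape assumed, see docstring).
BEFORE = json.dumps({"mcpServers": {
    "filesystem": {"command": "npx",
                   "args": ["-y", "@example/mcp-filesystem@1.4.0", "/home/user/docs"]},
}})
AFTER = json.dumps({"mcpServers": {
    "filesystem": {"command": "npx",
                   "args": ["-y", "@example/mcp-filesystem@1.4.0", "/home/user/docs"]},
    "opencontext": {"command": "npx", "args": ["-y", "@aicontextlab/cli"]},
}})


def load_servers(doc: str) -> Dict[str, dict]:
    """Return the mcpServers map from an mcp.json document (empty if absent)."""
    servers = json.loads(doc).get("mcpServers", {})
    if not isinstance(servers, dict):
        raise ValueError("mcpServers must be a JSON object")
    return servers


def diff_servers(before: str, after: str) -> Tuple[List[str], List[str], List[str]]:
    """Server names added, removed and changed between two mcp.json documents."""
    b, a = load_servers(before), load_servers(after)
    added = sorted(set(a) - set(b))
    removed = sorted(set(b) - set(a))
    changed = sorted(n for n in set(a) & set(b) if a[n] != b[n])
    return added, removed, changed


def npx_package_spec(server: dict) -> Optional[str]:
    """If the server is launched via npx, return the package spec it runs, else None."""
    if server.get("command") not in ("npx", "npx.cmd"):
        return None
    for arg in server.get("args", []):
        if arg.startswith("-"):        # skip flags such as -y / --yes
            continue
        return arg                     # first positional argument is the package
    return None


def is_pinned(spec: str) -> bool:
    """True only if the spec carries an exact semver version, not a dist-tag."""
    m = _PKG_RE.match(spec)
    if not m or not m.group("version"):
        return False
    return _SEMVER_RE.fullmatch(m.group("version")) is not None


def findings(doc: str) -> List[str]:
    """One finding per server whose npx package is not pinned to an exact version."""
    out = []
    for name, server in load_servers(doc).items():
        spec = npx_package_spec(server)
        if spec is not None and not is_pinned(spec):
            out.append(f"{name}: npx runs '{spec}' without a pinned version; "
                       "each launch fetches whatever is currently published")
    return out


if __name__ == "__main__":
    added, removed, changed = diff_servers(BEFORE, AFTER)
    print("added:", added, "removed:", removed, "changed:", changed)
    for line in findings(AFTER):
        print("WARN", line)
```

To use it against a real install, snapshot mcp.json before running oc init, run the init, then pass the two files' contents to diff_servers and findings; any entry reported as unpinned can be fixed by appending an exact version (for example @aicontextlab/cli@x.y.z) to the package argument so that npx resolves the same published tarball each time.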
Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 21, 2026, 03:29 AM