agent-context-loader
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a hierarchical configuration loading pattern that ingests data from `AGENTS.md` files found in the workspace and parent directories. This introduces a risk of indirect prompt injection, where an adversary could place a malicious instruction file in a directory targeted by the scan.
  - Ingestion points: `AGENTS.md` or `agents.md` files located via directory traversal and `Glob` operations (SKILL.md).
  - Boundary markers: Absent. The instructions do not specify the use of delimiters or 'ignore' directives when merging external content into the unified context.
  - Capability inventory: The skill uses `Read`, `Write`, `Edit`, `Grep`, `Glob`, and `Bash` tools (SKILL.md).
  - Sanitization: Absent. The instructions focus on merging and reporting conflicts rather than validating or escaping the content of the discovered files.
- [EXTERNAL_DOWNLOADS]: The skill contains references to documentation hosted on Anthropic's official domain (`docs.anthropic.com`) and the author's infrastructure (`jeremylongshore.com`, `intentsolutions.io`). These references are for documentation and setup purposes and are associated with trusted or vendor-related sources.
- [COMMAND_EXECUTION]: Includes a shell script (`scripts/check-agents-md.sh`) designed to verify the presence of an `AGENTS.md` file and notify the user. The script performs local file checks and prints status messages without executing remote code or performing dangerous filesystem operations.
Audit Metadata