agent-context-loader
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a proactive context-loading mechanism that automatically ingests and obeys instructions from 'AGENTS.md' files discovered in the working directory.
- Ingestion points: The 'SKILL.md' and 'scripts/check-agents-md.sh' files instruct the agent to automatically detect and load agent-specific instructions from 'AGENTS.md' on the filesystem.
- Boundary markers: The provided instructions lack clear delimiters or safety warnings to prevent the agent from treating the contents of 'AGENTS.md' as high-authority system instructions.
- Capability inventory: The skill is granted broad permissions, including 'Read', 'Write', 'Edit', and 'Bash' execution, which significantly increases the impact of a successful injection.
- Sanitization: There is no evidence of sanitization, validation, or escaping of the content loaded from the external file.
- Risk: An attacker could place a malicious 'AGENTS.md' file in a repository. If the user directs the agent to that directory, the agent may automatically adopt instructions to exfiltrate data, modify files, or execute commands using its assigned tools.
Audit Metadata