context-manager
Warn
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: MEDIUM | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill instructions direct the agent to execute a local Python script (scripts/audit_memory.py). Since the script file was not provided in the analysis bundle, its specific filesystem operations, potential network requests, and safety cannot be verified.
- PROMPT_INJECTION (LOW): The skill ingests untrusted markdown documentation from a project repository to generate context updates and audits, creating a surface for indirect prompt injection.
  1. Ingestion points: Project files like README.md, ARCHITECTURE.md, and documentation in the docs/ directory.
  2. Boundary markers: No delimiters or explicit instructions to ignore embedded commands are present in the provided instructions.
  3. Capability inventory: Capability to write/update files and execute the audit script.
  4. Sanitization: No sanitization or validation of the ingested content is specified.
Audit Metadata