context-health
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses basic shell utilities (
wc -l,head,grep) to analyze the metadata and contents of local markdown files in the~/.claude/directory. These operations are read-only and used for the stated audit purpose. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests and processes content from local context files that could contain embedded instructions.
- Ingestion points: Content is read from multiple markdown files in
~/.claude/.context/core/, includingidentity.md,preferences.md, andrules.md(SKILL.md). - Boundary markers: Absent. The skill does not implement delimiters or 'ignore' instructions to prevent the agent from accidentally obeying commands found within the audited context data.
- Capability inventory: The skill is limited to reading local files and executing standard text-processing shell commands; it does not exhibit network exfiltration or destructive file-write capabilities (SKILL.md).
- Sanitization: No escaping, validation, or filtering is performed on the content read from the local files before it is presented to the agent for analysis.
Audit Metadata