sync-context
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were detected. The skill performs local file management tasks consistent with its description and stated purpose.
- [COMMAND_EXECUTION]: The skill executes a local Python script via the
uvrunner to process and sync configuration files within the user's home directory. - [PROMPT_INJECTION]: Evaluated for indirect prompt injection surface (Category 8) as it processes local markdown files to generate agent rules.
- Ingestion points: Reads data from files in
~/.claude/.context/core/such as identity.md and rules.md. - Boundary markers: Logic is present to identify and skip YAML frontmatter and specific structural tags like or .
- Capability inventory: Limited to local file read and write operations within the ~/.claude directory; no network or privilege escalation capabilities were found.
- Sanitization: Filters out structural metadata, though core instructional content is transferred verbatim to the active rule file.
Audit Metadata