project-context-loader
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill ingests untrusted data from the project codebase and possesses high-impact capabilities including arbitrary command execution and file modification. This creates a risk where malicious instructions embedded in project files could be executed by the agent.
  - Ingestion points: Codebase scanning using ls, Grep, and Read on project source files and configuration (package.json).
  - Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded commands in the scanned code.
  - Capability inventory: Read, Write, Grep, Glob, and Bash access.
  - Sanitization: Absent; data from the codebase is directly interpolated into a context file and processed by the agent.
- [Command Execution] (MEDIUM): The skill explicitly instructs the agent to run a local script scripts/context-compress.sh using bash. Because the contents of this script are not provided within the skill's distribution, its behavior cannot be audited, representing a risk of unverified code execution.
- [Data Exposure] (LOW): The skill is designed to read and aggregate project-specific metadata and patterns. While functional, this provides an automated path for an agent to access and potentially leak sensitive project structures if combined with other vulnerabilities.
Recommendations
- AI detected serious security threats
Audit Metadata