agent-context
Warn
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires cloning an external repository from https://github.com/AndreaGriffiths11/agent-context-system.git. This source does not belong to a trusted organization or the skill's documented vendor (openclaw), representing an unverified third-party dependency.
- [COMMAND_EXECUTION]: The skill utilizes a custom CLI tool (`agent-context`) provided by the external repository to perform operations like project initialization, validation, and context promotion. These commands execute scripts locally on the user's system.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core function of reading untrusted project files.
  - Ingestion points: The agent is instructed to read `AGENTS.md` and `.agents.local.md` (scratchpad) at the start of every session.
  - Boundary markers: The skill explicitly instructs the agent to treat the scratchpad as factual data rather than instructions and to ignore content resembling behavioral overrides.
  - Capability inventory: The agent can execute shell commands via the `agent-context` CLI and write to local project files.
  - Sanitization: The protocol requires the agent to propose session logs to the user for approval before appending them to the local scratchpad file.
Audit Metadata