context-engine
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill processes data from a local file (~/.claude/company-context.md) to populate agent memory, creating an indirect prompt injection surface.
  - Ingestion point: Reads from ~/.claude/company-context.md as specified in the Load Protocol.
  - Boundary markers: Parses content into specific working memory fields such as company stage and founder archetype.
  - Capability inventory: The skill references capabilities for performing external API calls and web searches in its anonymization protocol.
  - Sanitization: Implements a multi-rule anonymization protocol to redact sensitive identifiers before any data leaves the local environment.
- [DATA_EXFILTRATION]: The skill accesses and processes sensitive business data, including financials, runway figures, and customer names stored in the ~/.claude/ directory. While it includes extensive instructions for anonymization, the ingestion of such information into the agent's context poses an exposure risk if protection rules are bypassed during external tool usage.
Audit Metadata