context-surfing
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from multiple project files and local session artifacts, creating an indirect prompt injection surface.
- Ingestion points: Reads
CLAUDE.md,AGENTS.md,README.md, and all root-level.mdfiles, plus handoff files in the.context-surfing/directory. - Boundary markers: Absent; instructions and context from these files are directly incorporated into the agent's operation.
- Capability inventory: The skill writes handoff files to the filesystem and executes shell scripts and CLI commands.
- Sanitization: No sanitization or validation of content from external files is performed.
- [COMMAND_EXECUTION]: The skill uses a shell script (
scripts/handoff-checker.sh) as a hook in agent settings and executesentire statusto interface with the Entire CLI for session tracking. - [EXTERNAL_DOWNLOADS]: The skill is installed from a remote source via
npx skills add pskoett/pskoett-ai-skills/skills/context-surfing, which is a repository maintained by the author.
Audit Metadata