context-agent
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes Python scripts using absolute file paths pointing to a specific user's directory (C:\Users\renat\...). This implementation hardcodes environment-specific dependencies and assumes the presence of scripts at those locations.
- [PROMPT_INJECTION]: The skill architecturally implements a memory loop where session data is summarized and written to MEMORY.md, which is then incorporated into the agent's system prompt for subsequent sessions. This persistent state allows for indirect prompt injection if malicious content from a previous session is summarized and persisted.
- Ingestion points: The skill parses session history from JSONL log files and summary markdown files stored in the data/sessions/ directory.
- Boundary markers: No delimiters or safety instructions are defined to distinguish between trusted system instructions and untrusted summarized context in the memory files.
- Capability inventory: The skill has the capability to execute local scripts and modify the agent's persistent memory file (MEMORY.md).
- Sanitization: There is no description of input validation, filtering, or sanitization processes applied to the session logs before they are transformed into persistent system prompt content.
Audit Metadata