context-staged

Warn

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx codecontext to download a package from the public npm registry at runtime.
  • [REMOTE_CODE_EXECUTION]: The skill executes the downloaded codecontext package via npx, which allows for the execution of unverified remote code on the local machine.
  • [COMMAND_EXECUTION]: The skill executes shell commands using the Bash tool to interact with the git staging area.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data from staged files.
      1. Ingestion points: Staged files in the git repository (processed by npx codecontext --staged).
      2. Boundary markers: None. There are no delimiters or instructions to the agent to ignore potentially malicious content within the staged files.
      3. Capability inventory: Shell command execution via Bash tool (SKILL.md).
      4. Sanitization: None. The skill processes raw file content and uses it to recommend actions to the user.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 16, 2026, 04:21 PM