Skills
skills/rexleimo/rex-cli/contextdb-autopilot/Gen Agent Trust Hub

contextdb-autopilot

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill operates by executing local shell scripts (scripts/ctx-agent.sh) and Node.js scripts (scripts/ctx-agent-core.mjs). It also utilizes npm run contextdb for database operations, involving significant filesystem interactions for reading and writing session history.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It aggregates untrusted data from previous session logs (found in memory/context-db/sessions/) and interpolates them into the agent's context in subsequent runs.
  • Ingestion points: Session data from memory/context-db/sessions/ and user-provided strings via the --prompt argument.
  • Boundary markers: None specified in the documentation to distinguish between system instructions, historical context, and new user input.
  • Capability inventory: The skill executes various AI agent CLIs (codex-cli, claude-code, gemini-cli, opencode-cli) which have broad capabilities including filesystem access and tool execution.
  • Sanitization: No evidence of sanitization or filtering of historical context before it is fed back into the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 26, 2026, 11:48 AM