context-bundling
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface\n
- Ingestion points: The skill ingests content from local files specified in a JSON manifest, which are read and concatenated by the
scripts/bundle.pyengine.\n - Boundary markers: The generated output document uses structured Markdown headers and fenced code blocks (using four backticks for markdown files) to separate file metadata and content, reducing the risk of the receiving agent misinterpreting data as instructions.\n
- Capability inventory: The skill's primary capabilities are limited to reading local files and writing a compiled Markdown file. Analysis of
scripts/bundle.pyandscripts/manifest_manager.pyconfirms no arbitrary command execution, network requests, or dynamic code evaluation is performed.\n - Sanitization: The skill implements a safety blacklist in
scripts/bundle.pythat automatically skips sensitive files and directories such as.env,node_modules, and__pycache__during the aggregation process.
Audit Metadata