context-bundling

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE | PROMPT_INJECTION | DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from project files and processes them into a consolidated output.
      • Ingestion points: Local project files specified in the manifest or discovered via recursive directory resolution (SKILL.md, references/acceptance-criteria.md).
      • Boundary markers: The skill uses Markdown fenced code blocks to delimit file contents in the final output file, which provides some structural separation but is not a security boundary.
      • Capability inventory: Utilizes Bash (cat), Read (view_file), and Write tools to aggregate and save file content across the project structure (SKILL.md).
      • Sanitization: There is no evidence of sanitization or content filtering to prevent malicious instructions within bundled files from influencing the agent's behavior during processing.
  • [DATA_EXFILTRATION]: The skill facilitates the aggregation of multiple files into a single portable artifact, which introduces a risk of sensitive data exposure.
      • Potential for Exposure: The skill lacks a built-in blacklist or exclusion mechanism for sensitive file types or directories, such as SSH keys (/.ssh), cloud provider credentials (/.aws), or environment files containing secrets (.env).
      • Usage Risk: The instructions encourage bundling architectural and logic-heavy files, which may lead to the unintentional inclusion of hardcoded secrets or sensitive configurations in a format intended for external review.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 9, 2026, 06:06 PM