project-context
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands including `pwd`, `git status`, and `git log --oneline -5` to determine the current working directory and synchronize project state with version control history.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by reading and processing content from local project files into the agent's active context.
  - Ingestion points: The agent reads contents from `PROJECT_CONTEXT.md`, `CLAUDE.md`, `package.json`, `pyproject.toml`, and `requirements.txt` within the current project directory.
  - Boundary markers: There are no explicit delimiters or specific instructions to ignore embedded prompts when these files are read and processed.
  - Capability inventory: The skill maintains the ability to execute shell commands (via git) and perform file system read/write operations based on the state derived from these files.
  - Sanitization: The content retrieved from the local environment is used directly without sanitization or validation to update the session's focus items and project status.
Audit Metadata