agent-context-validator
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions explicitly direct the agent to test code examples by compiling and running them, and to verify that commands execute without error. This involves the use of the Bash tool to perform arbitrary command execution based on content found in the agent's context.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because its core mission involves processing and acting upon untrusted data (code and commands) provided in the input context.
- Ingestion points: Code snippets, shell commands, and API documentation provided in the conversation context or source files (SKILL.md).
- Boundary markers: None identified; there are no instructions to differentiate between valid technical content and malicious directives embedded within the data.
- Capability inventory: Includes Bash, WebSearch, and specialized MCP tools for library and document retrieval (SKILL.md).
- Sanitization: Absent; the skill relies on direct execution and live API requests to confirm validity without pre-validation of the input's safety.
- [EXTERNAL_DOWNLOADS]: The agent is instructed to validate API endpoints by making actual network requests and checking if external URLs are reachable (returning a 200 status code). This involves outbound network operations to arbitrary domains defined in the validated content.
Audit Metadata