code-refactoring-context-restore
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external data for context restoration, creating a potential attack surface for indirect prompt injection.
- Ingestion points: Data enters the agent context via the context_source parameter, which targets vector databases or file systems as specified in SKILL.md.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the instructions to prevent the agent from obeying instructions found in retrieved data.
- Capability inventory: The skill outlines procedures for reading and ranking data from external sources (e.g., VectorDatabase.search) but does not include dangerous capabilities like file-writing or subprocess execution in the provided documentation.
- Sanitization: No evidence of input validation, escaping, or filtering of retrieved content is provided in the skill's logic.
Audit Metadata