context-agent
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by automatically extracting content from untrusted session logs to populate the agent's persistent memory.
  1. Ingestion points: The `session_parser.py` script reads JSONL session logs from the `.claude/projects` directory.
  2. Boundary markers: No protective delimiters or instructions to ignore embedded commands are present in the resulting `MEMORY.md` file.
  3. Capability inventory: The skill has the capability to write to the agent's memory configuration (`active_context.py`) and manage a local database (`search.py`).
  4. Sanitization: Information extraction is based on simple keyword matching in `session_summary.py` with no content validation, allowing potentially malicious instructions from chat logs to persist into the agent's system prompt.
- [COMMAND_EXECUTION]: The skill utilizes a CLI entry point (`context_manager.py`) to run Python scripts that access and process sensitive chat history and project data stored within the user's home directory paths (e.g., `C:\Users\renat\.claude\projects`).
Audit Metadata