context-guardian
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute local Python scripts (context_snapshot.py and context_manager.py) to handle session snapshots and data persistence.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It extracts information from the user's conversation history and persists it in local files, which are later re-introduced into the agent's context. Ingestion points: Conversation history (Phase 1). Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when extracting or reading snapshot data. Capability inventory: Execution of Python scripts and modification of system files like MEMORY.md. Sanitization: No evidence of content validation or filtering of the extracted conversation history.
Audit Metadata