filesystem-context
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: The skill consists entirely of markdown documentation. It provides conceptual patterns and pseudo-code examples for context engineering but does not ship with any functional code or executable scripts.
- [INDIRECT_PROMPT_INJECTION]: The guide describes patterns for ingesting external data (such as web search results or tool outputs) into the filesystem for the agent to read later. This creates a potential surface for indirect prompt injection if the ingested data contains malicious instructions.
- Ingestion points: Pattern 1 (Tool Output Offloading) and Pattern 5 (Terminal/Log Persistence) describe saving external data to files.
- Boundary markers: Examples show returning summaries and file references to the context window, but do not provide specific instruction delimiters for the files themselves.
- Capability inventory: The skill assumes the agent has access to
write_file,read_file,grep,ls, andglobtools. - Sanitization: Not provided in the documentation; however, the guide includes a warning to 'guard self-modification patterns with validation'.
Audit Metadata