context-manager
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWNO_CODEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill's primary function is to process and summarize external content (other agent outputs and conversation history), creating a surface for indirect prompt injection.
- Ingestion points: SKILL.md instructions for 'Review the current conversation and agent outputs' and 'Extract important context'.
- Boundary markers: Absent; no delimiters or instructions to ignore embedded commands are specified.
- Capability inventory: None; the skill lacks subprocess execution, file-system writing, or network access.
- Sanitization: Absent.
- [NO_CODE] (SAFE): No executable code, shell commands, or script files are present in the skill, precluding most technical attack vectors.
Audit Metadata