opencontext
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install a global NPM package @aicontextlab/cli and download software releases from a GitHub repository (0xranx/OpenContext). These sources are not part of the trusted vendors list.
- [COMMAND_EXECUTION]: The skill relies on the execution of CLI commands like oc init and oc search. It also mentions running arbitrary shell commands, such as docker-compose up -d, within a multi-agent workflow.
- [CREDENTIALS_UNSAFE]: The skill documentation includes instructions for users to save sensitive credentials, specifically an EMBEDDING_API_KEY, using the tool's configuration command.
- [PROMPT_INJECTION]: The skill processes data from a local knowledge base, creating a potential surface for indirect prompt injection.
  - Ingestion points: Untrusted data enters the context through oc search and oc_list_docs as described in SKILL.md.
  - Boundary markers: There are no specific delimiters or instructions to ignore embedded commands within the retrieved documents.
  - Capability inventory: The skill performs subprocess calls via shell, file writing via oc doc create, and network operations for API access.
  - Sanitization: No sanitization or validation of the ingested content is documented.
Audit Metadata