
claude-agent-sdk-context-management

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill's primary function is to read external files (.claude/CLAUDE.md and ~/.claude/CLAUDE.md) and interpolate their content into system prompts. The project file is committed alongside the code, so anyone who can get a change into the repository can place text in it that the agent will read as part of its instructions.
      • Ingestion points: .claude/CLAUDE.md (project context) and ~/.claude/CLAUDE.md (user preferences).
      • Boundary markers: Absent; the examples show no delimiters around the interpolated content and no instruction telling the model to treat it as data rather than as commands.
      • Capability inventory: The skill allows the Bash, Read, Write, and Edit tools and demonstrates execSync for shell command execution, so injected instructions would have file-system and shell access to act on.
      • Sanitization: None; the code examples interpolate file contents directly into prompt templates.
  • [Command Execution] (LOW): The skill uses execSync to read git metadata (current branch, working-tree status) and add it to the agent's context. The command strings are fixed, so no user input reaches the shell, but the output is repository-controlled text (branch names, file paths) that enters the context with the same lack of delimiting as the CLAUDE.md files.
      • Evidence: execSync('git branch --show-current') and execSync('git status --short') in the 'Context Injection' section.
  • [Best Practices] (SAFE): The skill includes an 'Anti-Patterns' section that explicitly warns developers against hardcoding secrets (API keys, database credentials) in context files.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:17 PM