context-extract
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill executes bash commands (mkdir, cat, mv, git) to manage files and synchronize repositories. Executing shell commands based on the current working directory name and environment variables introduces risks of unintended execution or command manipulation in compromised environments.
- DATA_EXFILTRATION (MEDIUM): The command 'git push origin' transmits the contents of the .claude/context/ directory to a remote server. If the repository's origin is set to an attacker-controlled destination, this leads to the exfiltration of sensitive project history, decisions, and development plans.
- PROMPT_INJECTION (LOW): (Category 8
- Indirect) The skill reads existing history and decision files to detect 'direction changes' and compare planned vs. actual work. Evidence Chain: 1. Ingestion points: HISTORY.md, DECISIONS.md, DIRECTIONS.md, CONTEXT.md; 2. Boundary markers: Absent; 3. Capability inventory: git push, shell execution; 4. Sanitization: Absent. Malicious instructions embedded in these files could influence the agent's logic during the extraction process.
Audit Metadata