context-distiller
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell commands to map codebases and aggregate context files.
- [REMOTE_CODE_EXECUTION]: The skill recommends using package runners to execute context management tools. Evidence: Recommends
bun x repomixinreferences/automated-context-packing.mdto fetch and run the Repomix utility. - [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes external files. 1. Ingestion points: Aggregates context from
docs/AGENTS.md,.gemini/GEMINI.md, and project source files. 2. Boundary markers: The skill does not define specific isolation markers for ingested content. 3. Capability inventory: The agent has capabilities for shell command execution and file operations. 4. Sanitization: While it provides guidance on scrubbing secrets, it does not include specific sanitization for potential instructions embedded in the project files.
Audit Metadata