filesystem-context

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes filesystem operations to manage agent state and context. It defines a structured directory ('.gemini/') for storing scratchpad data, task plans, and agent preferences. These operations are restricted to local storage for the purpose of extending context.
  • [PROMPT_INJECTION]: The 'Dynamic Skill Loading' feature introduces a mechanism where the agent reads additional instruction sets from local 'SKILL.md' files based on task requirements. This presents an indirect injection surface. Ingestion points: 'SKILL.md' files and tool outputs. Boundary markers: No specific delimiters or 'ignore' instructions are defined. Capability inventory: Uses 'read_file' and filesystem writing within '.gemini/'. Sanitization: The 'Self-Modification Guard' pattern specifies that changes to preferences must be auditable by the user.
  • [DATA_EXFILTRATION]: The skill implements 'offloading', which is defined as moving large amounts of data from the active context window to local storage to optimize token usage. No external network requests or remote data transmission patterns were found.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 11, 2026, 07:07 AM