opencontext
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the @aicontextlab/cli package from the public NPM registry. This is the core dependency for the skill's stated purpose.
- [COMMAND_EXECUTION]: The skill utilizes several CLI commands, such as oc init, oc search, and oc context manifest, via the system shell to manage project memory and context.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection (Category 8).
- Ingestion points: Content is ingested from repository files via oc search and oc context manifest, as documented in references/load-search-store-playbook.md.
- Boundary markers: The instructions do not provide specific delimiters or instructions to the agent to distinguish its internal rules from the content of loaded documents.
- Capability inventory: The agent possesses Bash and Write capabilities as defined in the allowed-tools field in SKILL.md, which could be exploited if an ingested document contains malicious commands.
- Sanitization: The skill lacks mechanisms to sanitize or validate the content of the processed project documents before they are incorporated into the agent's context.
Audit Metadata