opencontext

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the @aicontextlab/cli package from the public NPM registry. This is the core dependency for the skill's stated purpose.
  • [COMMAND_EXECUTION]: The skill utilizes several CLI commands, such as oc init, oc search, and oc context manifest, via the system shell to manage project memory and context.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection (Category 8).
  • Ingestion points: Content is ingested from repository files via oc search and oc context manifest, as documented in references/load-search-store-playbook.md.
  • Boundary markers: The instructions do not provide specific delimiters or instructions to the agent to distinguish its internal rules from the content of loaded documents.
  • Capability inventory: The agent possesses Bash and Write capabilities as defined in the allowed-tools field in SKILL.md, which could be exploited if an ingested document contains malicious commands.
  • Sanitization: The skill lacks mechanisms to sanitize or validate the content of the processed project documents before they are incorporated into the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 07:06 AM
Security Audit — agent-trust-hub — opencontext