Skills
skills/alfredolopez80/multi-agent-ralph-loop/sec-context-depth/Gen Agent Trust Hub

sec-context-depth

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool and references a validation hook script sec-context-validate.sh. These are used to automate security checks on code edits, which is consistent with the skill's primary purpose of code auditing.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted external data in the form of source code (e.g., from the src/ directory). While this presents a surface for indirect prompt injection, it is a functional requirement for a code review tool.
  • Ingestion points: Target files identified via Glob and Read tools (e.g., src/**/*.{ts,js,py,java,go}).
  • Boundary markers: The instructions do not specify any delimiters or safety warnings for the agent to ignore instructions embedded within the analyzed code.
  • Capability inventory: Includes Read, Glob, Grep, and Bash for file manipulation and execution.
  • Sanitization: No specific sanitization or validation of the ingested code content is mentioned prior to processing.
Audit Metadata
Risk Level
SAFE
Analyzed
May 3, 2026, 11:06 AM
Security Audit — agent-trust-hub — sec-context-depth