distill-context

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data, which creates an indirect prompt injection surface.
      ◦ Ingestion points: The skill reads project source files, READMEs, and conversation logs located in .agent/memory/conversation-*.md.
      ◦ Boundary markers: No boundary markers or 'ignore' instructions are used when interpolating ingested data into the agent's context.
      ◦ Capability inventory: The skill possesses the Write tool to create or modify files such as AGENTS.md and Makefile, and the Bash tool to execute git commands.
      ◦ Sanitization: There is no evidence of sanitization, escaping, or validation of the content extracted from conversation logs or source code before it is used to generate documentation or build scripts.
  • [COMMAND_EXECUTION]: The skill performs dynamic generation of build scripts, which could execute unintended commands.
      ◦ In Research Mode, the agent is instructed to 'Bootstrap' a Makefile by inferring build and test targets from the codebase.
      ◦ If a malicious actor places deceptive instructions in a source file or conversation log, the agent might be tricked into including malicious shell commands as targets within the generated Makefile.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 23, 2026, 11:11 AM