context-management
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill establishes a 'squashing' workflow where the agent summarizes previous conversation history into a summary message that is then re-injected into the active context via the `context_checkout` tool. This creates a potential surface for indirect prompt injection if malicious instructions in the history are incorporated into the summary.
  - Ingestion points: Conversation history containing untrusted data (user messages, tool outputs, external file content) is processed in `SKILL.md` via the 'BUILD, PERCEIVE, NAVIGATE' philosophy.
  - Boundary markers: The instructions do not mandate the use of delimiters (e.g., XML tags or triple backticks) to isolate the summary content or provide 'ignore' instructions for the summarized text.
  - Capability inventory: The skill utilizes `context_tag`, `context_log`, and `context_checkout` tools to manipulate the agent's memory and state.
  - Sanitization: There are no instructions to sanitize, filter, or escape potentially executable instructions during the summarization of raw history into the checkout message.
Audit Metadata