mini-context-graph

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements a secure architecture for local data persistence. It uses deterministic Python logic to manage a structured knowledge graph and wiki pages. No malicious behaviors, such as exfiltration, privilege escalation, or remote code execution, were detected.
  • [PROMPT_INJECTION]: Instruction files including 'ingestion.md' and 'retrieval.md' were audited for malicious patterns. No attempts to bypass safety filters, extract system prompts, or override agent constraints were found. The skill provides task-specific guidance for entity extraction and synthesis.
  • [DATA_EXFILTRATION]: The code was scanned for network activity and sensitive file access. No calls to external APIs, use of networking libraries (e.g., requests, urllib), or access to sensitive system paths (e.g., .ssh, .aws) were found. Data is stored in directories controlled by environment variables or defaulting to the local workspace.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted text for processing, which is an inherent risk surface for knowledge management tools.
      • Ingestion points: Raw document content enters the system via 'scripts/contextgraph.py' and 'references/ingestion.md'.
      • Boundary markers: The current instructions do not specify the use of delimiters or 'ignore embedded instructions' markers when the agent processes source documents.
      • Capability inventory: The skill allows the agent to write markdown files in the 'wiki/' directory and JSON data in the 'data/' directory.
      • Sanitization: Content is persisted directly to files without specific sanitization, relying on the agent's reasoning capabilities and the tool's deterministic file handling.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 5, 2026, 06:05 AM