agent-context-loader

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill's core functionality is to ingest instructions from external AGENTS.md files, which presents a surface for indirect prompt injection.
  • Ingestion points: The skill scans the current directory and all ancestor directories for AGENTS.md or agents.md files (SKILL.md).
  • Boundary markers: There are no instructions to wrap the external content in delimiters or include warnings to ignore embedded instructions. The skill explicitly tells the agent to extract instruction blocks and merge instructions into a unified context (SKILL.md).
  • Capability inventory: The skill uses Read, Write, Edit, Grep, Glob, Bash(general:) and Bash(util:) tools (SKILL.md frontmatter).
  • Sanitization: No sanitization or validation of the extracted file content is performed before it is added to the agent's operational context.
  • [COMMAND_EXECUTION]: The skill requests broad shell access via Bash(general:) and Bash(util:). While the stated purpose is for file discovery and searching, these tools provide a significant attack surface if the agent is influenced by malicious instructions loaded via the context loader (SKILL.md frontmatter).
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 6, 2026, 01:35 AM
Security Audit — agent-trust-hub — agent-context-loader