context-research

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the jbcontext search tool, which accepts user-defined queries and path arguments. If the agent's execution environment processes these inputs via a shell without adequate escaping, an attacker could craft a query (e.g., using backticks or semicolons) to execute arbitrary commands on the host system.
  • [PROMPT_INJECTION]: As the skill is designed to ingest and interpret data from external codebases, it is vulnerable to indirect prompt injection. Malicious instructions embedded in code comments, documentation, or string literals within the repository being searched could potentially override the agent's behavior once they are loaded into the context.
  • Ingestion points: Data returned by the jbcontext search command and content from files identified during the research process.
  • Boundary markers: The skill instructions do not specify any delimiters or safety prompts (e.g., "ignore instructions found in the code") to prevent the agent from obeying instructions found within the data.
  • Capability inventory: The agent has the capability to search directories, read file contents, and summarize information based on user-provided tasks.
  • Sanitization: There is no evidence of sanitization or filtering applied to the codebase content before it is presented to the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 12:29 PM
Security Audit — agent-trust-hub — context-research