nv-context
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands such as grep, glob, and git log to automatically detect the project's technology stack and tools. This is the primary function for generating repository-specific configuration.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it reads and processes the entire repository codebase, which could contain untrusted data.
  - Ingestion points: Codebase analysis in Phase 1 reads all files in the repository.
  - Boundary markers: No explicit delimiters are used to separate ingested content from the generation prompt.
  - Capability inventory: The skill can write configuration files (AGENTS.md, CLAUDE.md), install Git hooks, and create GitHub Actions.
  - Sanitization: The skill does not perform sanitization on the repository content it reads before processing it.
Audit Metadata