context-pack

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill is purely instructional and does not contain any executable code, scripts, or external dependencies. It utilizes platform configuration to disable external model tool invocation, limiting the execution scope.
  • [PROMPT_INJECTION]: The skill handles untrusted data from the conversation history to generate summaries, representing an indirect prompt injection surface. 1. Ingestion points: The current conversation history and user-provided arguments (SKILL.md). 2. Boundary markers: The document structure does not mandate the use of delimiters or 'ignore' instructions for the summarized content. 3. Capability inventory: The skill has the capability to write markdown files to the operating system's temporary storage area. 4. Sanitization: The skill includes clear, mandatory instructions for the agent to redact sensitive information, such as API keys and personally identifiable information, prior to document creation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:58 AM
Security Audit — agent-trust-hub — context-pack