context-continuity-code
Warn
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to gather system and repository state, including git status, git log, git branch, git diff, lsof, and env.
- [DATA_EXFILTRATION]: Specifically instructs the agent to query and display environment variables matching sensitive patterns such as 'DATABASE', 'API', and 'APP_'. This creates a risk of exposing sensitive credentials or connection strings in the transfer artifact produced by the agent.
- [PROMPT_INJECTION]: Exhibits an indirect prompt injection surface by ingesting untrusted local data. 1. Ingestion points: Output from git diff, git log, and env commands. 2. Boundary markers: Uses markdown headers for sections (e.g., § CODE CONTEXT) but lacks instructions to treat ingested data as untrusted. 3. Capability inventory: Capability to execute shell commands (git, env, lsof) and local scripts. 4. Sanitization: No evidence of sanitization or validation of the data retrieved from the shell environment.
Audit Metadata