manage-context
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes local bash scripts for project management tasks, specifically
.agents/scripts/pm/validate.sh,.agents/scripts/pm/status.sh, and.agents/scripts/pm/search.sh. These are used to verify project consistency and retrieve status. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of reading and processing external project documentation.
- Ingestion points: The skill reads
.project/context/*.md,spec.md,plan.md,workstreams/*.md,decisions.md, and recent task state/review feedback. - Boundary markers: No specific delimiters or instructions to ignore embedded commands within the ingested data are present.
- Capability inventory: The skill has the ability to write to files under
.project/context/and execute local shell scripts. - Sanitization: There is no evidence of content sanitization or validation of the input data before it is processed or written back to the file system.
Audit Metadata