manage-context

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes local bash scripts for project management tasks, specifically .agents/scripts/pm/validate.sh, .agents/scripts/pm/status.sh, and .agents/scripts/pm/search.sh. These are used to verify project consistency and retrieve status.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of reading and processing external project documentation.
  • Ingestion points: The skill reads .project/context/*.md, spec.md, plan.md, workstreams/*.md, decisions.md, and recent task state/review feedback.
  • Boundary markers: No specific delimiters or instructions to ignore embedded commands within the ingested data are present.
  • Capability inventory: The skill has the ability to write to files under .project/context/ and execute local shell scripts.
  • Sanitization: There is no evidence of content sanitization or validation of the input data before it is processed or written back to the file system.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 12:42 AM
Security Audit — agent-trust-hub — manage-context