context-mode-ops
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill uses aggressive behavioral overrides and persona reinforcement techniques, such as the "OWNER OPERATING DIRECTIVE" with "ABSOLUTE" importance and a policy that "supersedes-all-other-sections." These patterns are designed to constrain the agent's reasoning and prioritize specific operational rules over general system guidelines.
- [COMMAND_EXECUTION]: The skill automates repository management and package publishing through the execution of shell commands like `git push`, `npm version patch`, and `npm publish`. While these are expected for a DevOps skill, they represent significant capabilities that require careful oversight.
- [EXTERNAL_DOWNLOADS]: The skill references external resources like the `mksglu/context-mode` repository on GitHub and suggests installation via `npx skills add`. These references are to well-known services and the vendor's own infrastructure.
- [PROMPT_INJECTION]: The skill processes untrusted input from GitHub issues and pull requests, creating a surface for Indirect Prompt Injection (Category 8).
  - Ingestion points: External content from GitHub issues and PRs fetched via `gh` CLI commands in `triage-issue.md` and `review-pr.md`.
  - Boundary markers: The skill lacks explicit delimiters or specific instructions to ignore embedded commands when processing external text.
  - Capability inventory: The skill can spawn multiple subagents with "ultrathink" authority, merge PRs, and publish packages to npm.
  - Sanitization: The skill relies on manual "Claim Verification" gates and "Architect" review processes to validate external behavioral claims before implementation.
Audit Metadata