agents-context-management
Pass
Audited by Gen Agent Trust Hub on Jul 5, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes several shell commands for repository maintenance, including
gitfor discovery,fdfor file searching, andlnfor creating symlinks. It also invokes external task runners such asjust mdformat-writeandjust skill-invocation-checkif they are present in the host repository. - [SAFE]: The skill implements robust guard rails at the start of
SKILL.mdthat verify the execution context. It explicitly prevents running at the filesystem root or within user configuration directories like~/.agentsor~/.claude, ensuring it remains scoped to valid project repositories. - [INDIRECT_PROMPT_INJECTION]: The skill processes content from existing repository files (README.md, AGENTS.md, and skill definitions) during its 'polish' workflow, creating an attack surface where malicious instructions embedded in project documentation could potentially influence agent behavior.
- Ingestion points:
README.md,AGENTS.md, and.agents/skills/*/SKILL.mdfiles (as identified in the Discovery and Polish workflow sections). - Boundary markers: The skill does not currently use specific delimiters or instructions to prevent the agent from obeying instructions found within the files it is polishing.
- Capability inventory: The skill can execute subprocesses via
git,fd, andjust, and has write access to repository files. - Sanitization: No content validation or sanitization is performed on the ingested text before it is processed by the agent.
Audit Metadata