# Audit Context Boundaries With Receipts

Agent workflows can hide what context was loaded, deferred, or copied across boundaries. This skill provides privacy-safe receipt patterns that make those decisions reviewable without exposing private content.

## Install

```bash
npx skillstore add caioribeiroclw-pixel/context-receipts
```

## Metadata

- - Slug: caioribeiroclw-pixel-context-receipts
- - Version: 1.0.0
- - Author: caioribeiroclw-pixel
- - GitHub username: caioribeiroclw-pixel
- - License: MIT
- - Repository: https://github.com/caioribeiroclw-pixel/pluribus/tree/main/skills/context-receipts/
- - Ref: main
- - Supported tools: Claude, Codex, Claude Code
- - Risk level: low
- - Risk factors: external\_commands, filesystem
- - Quality score: 77
- - Quality tier: bronze
- - Public page: https://skillstore.pages.dev/skills/caioribeiroclw-pixel-context-receipts
- - Manifest: https://skillstore.pages.dev/api/skills/caioribeiroclw-pixel-context-receipts/manifest

## Capabilities

- Defines receipt fields for context selection, hydration, pruning, compaction, and delegation workflows.
- Shows privacy defaults that exclude raw prompts, schemas, tool outputs, transcripts, secrets, and customer names.
- Provides smoke-test patterns for MCP Tool Search, runtime tool-surface changes, and subagent tool exposure.
- Documents receipt event names for skill loading, context attention, usage attribution, and rollback checks.
- Uses hashes, counts, buckets, ids, and audit gaps to make review possible without copying sensitive content.

## Use Cases

- Review MCP Tool Loading: Check whether an agent loaded compact tool indexes first, hydrated only selected tools, and kept raw schemas out of receipts.
- Audit Subagent Boundaries: Verify whether child agent outputs, tool results, and MCP schemas crossed back into the parent context.
- Document Context Cleanup: Record what pruning or compaction changed, what was protected, and what audit gap remains after cleanup.

## Prompt Templates

### Create a Basic Receipt

```
Use the context-receipts skill to design a privacy-safe receipt for this workflow. Include selected context ids, copied raw content flags, token buckets, and audit gaps.
```

### Check Tool Search Boundaries

```
Apply the context-receipts skill to verify Tool Search behavior. Show what was indexed, searched, hydrated, suppressed, called, and left unproven.
```

### Audit Subagent Delegation

```
Use the context-receipts skill to create a boundary receipt for a subagent task. Track delegated objective hashes, child output buckets, returned summaries, and raw output flags.
```

### Design a Full Context Audit

```
Use the context-receipts skill to design receipts for retrieval, attention, Tool Search, pruning, compaction rollback, and usage attribution in one review plan.
```

## Limitations

- It is a documentation skill and does not generate receipts by itself.
- It does not validate that an agent selected the best tool or produced a correct answer.
- It depends on the agent or harness to emit receipt fields consistently.
- The README references example fixtures outside the skill directory that may not be packaged with every installation.

## Best Practices

- Use stable ids, hashes, counts, and buckets instead of raw private content.
- Always include an audit\_gap field that states what the receipt cannot prove.
- Record before and after context budget buckets for pruning, compaction, and hydration events.

## Anti Patterns

- Do not copy raw prompts, tool schemas, tool arguments, results, transcripts, secrets, or customer names into receipts.
- Do not treat a receipt as proof that the agent chose the best tool or answer.
- Do not emit vague statements such as Tool Search enabled without boundary evidence.

## Security Audit

- - Safe to publish: true
- - Audited at: 2026-06-28T19:46:09.001\+00:00
- - Summary: Static analysis reported many high-risk patterns, but review found markdown examples, JSON snippets, inline code, and relative documentation links rather than executable skill code. No prompt injection attempt, malicious intent, data exfiltration, or automatic command execution was found in README.md or SKILL.md.

## Stats

- - Views: 0
- - Downloads: 4
- - Favorites: 0
- - Popularity score: 0
