Skills
skills/affaan-m/ecc/repo-scan/Gen Agent Trust Hub

repo-scan

Fail

Audited by Gen Agent Trust Hub on May 22, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The installation instructions fetch code from an unverified GitHub repository (https://github.com/haibindev/repo-scan.git). This source does not belong to a trusted organization or well-known service.
  • [REMOTE_CODE_EXECUTION]: The provided installation script downloads and moves third-party code into the agent's persistent skill directory (~/.claude/skills/). This allows the agent to execute unverified code from an external source.
  • [PROMPT_INJECTION]: The skill processes untrusted source code for auditing purposes, creating a surface for indirect prompt injection where malicious content in scanned files could influence the agent's behavior.
  • Ingestion points: The skill reads file names, directory structures, headers, and content from audited repositories.
  • Boundary markers: No specific boundary markers or instructions to disregard embedded commands are mentioned in the tool's description.
  • Capability inventory: The tool performs file classification, library detection, and interactive HTML report generation.
  • Sanitization: No evidence of content sanitization or validation is provided for the files being analyzed.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 22, 2026, 02:06 PM
Security Audit — agent-trust-hub — repo-scan