ghgrab
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes Bash to check for tool availability and execute installation commands for the 'ghgrab' utility.
- [EXTERNAL_DOWNLOADS]: Recommends downloading the 'ghgrab' package from established registries including NPM (@ghgrab/ghgrab), Cargo (ghgrab), and PyPI/pipx (ghgrab). It also fetches user-specified files from remote GitHub repositories at runtime.
- [PROMPT_INJECTION]: The skill processes untrusted data from external GitHub repositories, which presents a surface for indirect prompt injection. 1. Ingestion points: GitHub repository structures, directory names, and file contents retrieved via the
ghgrabcommand. 2. Boundary markers: None identified; the tool output is directly incorporated into the agent's context. 3. Capability inventory: Includes the ability to execute Bash commands, write/edit files, and perform file system searches (Glob, Grep). 4. Sanitization: No specific sanitization or filtering is applied to the data retrieved from external repositories before it is processed.
Audit Metadata