semble
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the 'semble' package and its associated components from the official Python Package Index (PyPI) using package managers such as 'pip' and 'uv'.
- [COMMAND_EXECUTION]: The installation and operation of the tool require several shell commands, including configuring Model Context Protocol (MCP) servers and executing search queries that interact with the local file system.
- [DATA_EXFILTRATION]: The tool supports indexing and searching remote git repositories (e.g., via GitHub), which necessitates outbound network connectivity to retrieve and process codebase data.
- [PROMPT_INJECTION]: The skill processes untrusted external data (source code from indexed repositories), creating a surface for indirect prompt injection. Maliciously crafted content in a processed repository could attempt to influence the agent's behavior.
- Ingestion points: External code snippets are ingested into the agent context via the 'semble search' and 'semble find-related' tools (SKILL.md).
- Boundary markers: The skill documentation does not provide specific delimiters or instructions to ignore embedded commands in the returned code chunks.
- Capability inventory: The agent environment includes powerful capabilities such as 'Bash', 'Write', and 'WebFetch' tools (SKILL.md).
- Sanitization: No validation or sanitization of the retrieved code content is mentioned before it is presented to the agent.
Audit Metadata