clonedeps

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The workflow instructs the orchestrator agent to use standard git commands (git ls-remote, git clone, git remote get-url) to manage external source code sources.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates downloading repository content into a local .slim/clonedeps/repos/ directory. The instructions include validation logic to ensure URLs are HTTPS-based and do not contain embedded credentials or local path references.
  • [SAFE]: The skill implements several defensive measures to mitigate risks associated with processing external content:
  • Script Execution Prohibition: Explicitly instructs the agent not to run installation, build, or test scripts from cloned repositories.
  • Path Sanitization: Employs a safe-naming convention for directories (e.g., replacing slashes with double underscores) to prevent path traversal.
  • User Control: Requires the agent to present a plan and obtain user confirmation before performing network cloning.
  • Contextual Isolation: Adds clear marker blocks to AGENTS.md and .ignore files to identify cloned content as read-only metadata, which helps mitigate indirect prompt injection surfaces by providing clear boundaries for future agent interactions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 12, 2026, 06:01 PM
Security Audit — agent-trust-hub — clonedeps