clonedeps
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The workflow instructs the orchestrator agent to use standard
gitcommands (git ls-remote,git clone,git remote get-url) to manage external source code sources. - [EXTERNAL_DOWNLOADS]: The skill facilitates downloading repository content into a local
.slim/clonedeps/repos/directory. The instructions include validation logic to ensure URLs are HTTPS-based and do not contain embedded credentials or local path references. - [SAFE]: The skill implements several defensive measures to mitigate risks associated with processing external content:
- Script Execution Prohibition: Explicitly instructs the agent not to run installation, build, or test scripts from cloned repositories.
- Path Sanitization: Employs a safe-naming convention for directories (e.g., replacing slashes with double underscores) to prevent path traversal.
- User Control: Requires the agent to present a plan and obtain user confirmation before performing network cloning.
- Contextual Isolation: Adds clear marker blocks to
AGENTS.mdand.ignorefiles to identify cloned content as read-only metadata, which helps mitigate indirect prompt injection surfaces by providing clear boundaries for future agent interactions.
Audit Metadata