repo-intel
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes untrusted data from the repository.
- Ingestion points: Processes git history, AST symbols, and project metadata from the local repository (SKILL.md).
- Boundary markers: There are no explicit delimiters or instructions to the agent to ignore instructions embedded within the analyzed repository data.
- Capability inventory: The skill triggers repository analysis and update commands (`/repo-intel init`, `/repo-intel update`) which interact with the file system and git history.
- Sanitization: No sanitization or validation of the repository-sourced data is described in the logic.
- [COMMAND_EXECUTION]: The skill uses a placeholder `$ARGUMENTS` within a JavaScript code block to handle user input. While typical for many agent platforms, if the underlying platform performs direct string replacement without escaping, it could lead to script injection or argument manipulation.