uapi-get-github-repo
Pass
Audited by Gen Agent Trust Hub on Jul 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to
https://uapis.cnto retrieve repository metrics. This domain is not on the trusted organization or well-known service whitelist.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its ingestion of untrusted repository metadata from GitHub.\n - Ingestion points: External data such as repository descriptions, owner info, and branch details are retrieved from the API in
references/operations/get-github-repo.md.\n - Boundary markers: No delimiters or instructions are provided to the agent to ignore or isolate instructions embedded in the retrieved metadata.\n
- Capability inventory: The skill itself contains no local execution scripts, subprocess calls, or file-writing tools.\n
- Sanitization: The skill does not implement or describe any validation, escaping, or filtering of the content returned by the API before processing.
Audit Metadata