octocode
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides detailed instructions for the agent to execute the `octocode` CLI binary to perform various file system and network operations.
- [EXTERNAL_DOWNLOADS]: The skill allows the agent to fetch repository structures, read remote files, and clone repositories from GitHub and npm using the CLI tool.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted data from external sources.
  - Ingestion points: The agent reads code, PR descriptions, and package info from external GitHub and npm repositories via the `octocode cat`, `octocode grep`, `octocode pr`, and `octocode clone` commands.
  - Boundary markers: The skill instructions provide no explicit boundary markers and no instruction to ignore commands embedded in the processed data.
  - Capability inventory: The agent has the capability to execute shell commands (`octocode`) and to read from and write to the local filesystem.
  - Sanitization: There is no mention of sanitizing or escaping content retrieved from external sources before the agent processes it.
- [CREDENTIALS_UNSAFE]: The skill documentation references sensitive environment variables such as `GITHUB_TOKEN`, `OCTOCODE_TOKEN`, and `GH_TOKEN` for authentication. While this is standard practice for CLI tools interacting with the GitHub API, it highlights the agent's access to sensitive credentials.
Audit Metadata