octocode-research
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of local development tools, such as ripgrep, to perform efficient code searches across the user's local filesystem as part of its core research functionality.
- [EXTERNAL_DOWNLOADS]: The skill interacts with established, well-known services including GitHub and the npm registry to fetch repository content, metadata, and package information for research purposes.
- [DATA_EXFILTRATION]: To prevent accidental data exposure, the server includes a logging system that identifies and redacts sensitive keys such as 'token', 'password', and 'api_key' before writing request data to local log files.
- [PROMPT_INJECTION]: The skill explicitly mitigates the risk of indirect prompt injection through its security guidelines in 'references/GUARDRAILS.md', which instruct the agent to treat all external code as untrusted data and ignore any commands embedded in code comments.
Audit Metadata