octocode-researcher
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads project dependencies and repository data from legitimate, well-known services including the NPM registry and GitHub to enable code analysis.
- [COMMAND_EXECUTION]: Utilizes standard system utilities such as git, ripgrep, find, and the GitHub CLI as fallback mechanisms for directory navigation and content searching.
- [REMOTE_CODE_EXECUTION]: Recommends the use of npx to execute the vendor's octocode-mcp package from the NPM registry.
- [PROMPT_INJECTION]: Identified an indirect prompt injection attack surface as the skill processes untrusted data from local and external repositories.
  - Ingestion points: The skill reads file contents using localGetFileContent and githubGetFileContent.
  - Boundary markers: No explicit markers or instructions are provided to the agent to disregard instructions found within the researched code.
  - Capability inventory: The agent has access to repository cloning and shell command execution via fallback tiers.
  - Sanitization: Although specific sensitive files are excluded from results, there is no explicit sanitization of the research data itself.