octocode-roast

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE

Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill identifies the need for and suggests the installation of the octocode-mcp NPM package if the required MCP tools are not found in the environment.
  • [REMOTE_CODE_EXECUTION]: In the discovery phase, the skill provides a configuration snippet that uses npx -y octocode-mcp to fetch and execute the Octocode MCP server from a remote registry.
  • [COMMAND_EXECUTION]: The skill uses local shell-level tools (MCP tools) and git diff to acquire code targets, search for patterns, and perform file modifications during the 'Resurrection' phase.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted code content from the local environment.
  • Ingestion points: Code content is read using localGetFileContent and searched via localSearchCode (referenced in SKILL.md).
  • Boundary markers: The instructions do not define strict delimiters that isolate ingested code content from the agent's instructions, although the skill does follow a specific analysis structure.
  • Capability inventory: The agent has the ability to execute shell-level search tools and modify local files (Phases 1-6).
  • Sanitization: The skill implements 'Law 3' to redact the values of hardcoded secrets, but lacks general sanitization to prevent the agent from obeying instructions embedded in code comments.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 16, 2026, 08:17 PM
Security Audit — agent-trust-hub — octocode-roast