sourcerer
Pass
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Extensive use of shell commands such as
git,rg(ripgrep),gh(GitHub CLI), andfindto manage a local repository cache in~/.sourcerer/reposand search for code symbols, history, or issues. - [EXTERNAL_DOWNLOADS]: Clones repositories from remote hosts (GitHub, GitLab, Bitbucket) based on user-provided URLs. While primarily for research, this involves downloading arbitrary content from untrusted external sources.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) because it processes untrusted data from repository source code, READMEs, issue descriptions, and PR comments. * Ingestion points: Local clones and output from
ghCLI commands. * Boundary markers: No explicit delimiters are used to separate untrusted external content from agent instructions. * Capability inventory: Includes filesystem access, network access (via git and gh), and shell command execution. * Sanitization: Repository content is processed as-is without validation or filtering.
Audit Metadata