explore
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill clones source code from GitHub using the official gh CLI. This is the intended purpose of the skill and leverages trusted, well-known service infrastructure.
- [COMMAND_EXECUTION]: Executes shell scripts and GitHub CLI commands to manage repository operations. User-supplied arguments are correctly quoted in scripts/clone.sh to prevent command injection.
- [PROMPT_INJECTION]: The skill is designed to ingest and analyze external, untrusted data from GitHub, making it a surface for indirect prompt injection attacks.
  - Ingestion points: All files and metadata within the cloned repository directory (e.g., source code, markdown documentation, configuration files).
  - Boundary markers: Not present; the instructions do not specify any delimiters to isolate untrusted repo content from the agent's core instructions during the analysis phase.
  - Capability inventory: The agent is tasked with research and architecture analysis, which involves extensive file reading; the skill itself does not provide write or network capabilities to the agent.
  - Sanitization: No content validation or sanitization is performed on the files within the cloned repository before they are analyzed by the agent.
Audit Metadata