repo-knowledge-share
Warn
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill reads from
~/.config/repo-knowledge-share.json, a local configuration file containing absolute paths to various projects on the user's system.\n- [DATA_EXFILTRATION]: The skill performs an automated scan of project files, including "auth configs, DB schemas, API routes," and "actual source files." It then commits and pushes these summaries to a remote GitHub repository (https://github.com/Derek-X-Wang/skills), facilitating the movement of technical project data from a local environment to a remote server.\n- [COMMAND_EXECUTION]: The skill executes multiple shell commands to synchronize local data with a remote repository, specificallygit pull,git add,git commit, andgit pushwithin the context of a local development directory.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting content from untrusted local files (e.g.,CLAUDE.md, package manifests, and source code) to generate project summaries. Malicious instructions placed in these files could influence the agent's behavior during the scan or search process.\n - Ingestion points: Reads project files including
CLAUDE.md,AGENTS.md,package.json,pyproject.toml, and source code (SKILL.md).\n - Boundary markers: None identified; extracted content is processed directly to generate summaries without delimiters or "ignore instructions" warnings.\n
- Capability inventory: Includes the ability to execute git shell commands and perform arbitrary local file reads (SKILL.md).\n
- Sanitization: There is no evidence of sanitization or filtering of the content ingested from the scanned project files.
Audit Metadata