when-managing-multiple-repos-use-github-multi-repo

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes several shell scripts (e.g., scripts/repo-graph.sh, scripts/multi-repo.sh, scripts/migration.sh) that are expected to be present in the user's environment. It also uses the dot command for graph visualization.\n- [EXTERNAL_DOWNLOADS]: Uses npx claude-flow@alpha to initialize the swarm orchestration framework.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it analyzes content from external, potentially untrusted repositories.\n
  • Ingestion points: Codebase content, module boundaries, and repository metadata processed by the code-analyzer and repo-architect agents.\n
  • Boundary markers: None; the instructions do not specify delimiters or warnings to isolate processed data from agent instructions.\n
  • Capability inventory: Includes repository cloning, Pull Request creation, and shell command execution via local scripts.\n
  • Sanitization: None; there are no steps described to validate or sanitize the data retrieved from external sources before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 03:21 AM
Security Audit — agent-trust-hub — when-managing-multiple-repos-use-github-multi-repo