entropy-check
Warn
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill's bash instructions interpolate data sourced directly from repository files (like domain names from ARCHITECTURE.md) and GitHub API metadata (like PR numbers) into command line arguments for tools like grep and gh api. This lack of sanitization allows for command injection if malicious strings are present in the repository or PR metadata.
- [DATA_EXFILTRATION]: The skill is configured to perform audit operations across a hardcoded list of external GitHub repositories, including those from unrelated organizations like Lexgo-cl. This behavior uses the environment's GH_TOKEN to access and potentially report on data outside the current repository's scope.
- [CREDENTIALS_UNSAFE]: The reliance on the GH_TOKEN environment variable across multiple shell scripts that process externally sourced data increases the risk of token leakage. If a command injection occurs through the unsanitized variables, the sensitive token could be easily exfiltrated via the execution environment.
Audit Metadata