stock-the-library

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the git clone command to fetch external repositories into the local environment. This is the primary function of the skill and is triggered by user intent.
  • [EXTERNAL_DOWNLOADS]: Downloads repository contents from external URLs (e.g., GitHub). These downloads are restricted to user-provided or user-approved repositories.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted external data (cloned repository contents) that the agent might read in future tasks.
    • Ingestion points: Files within cloned repositories (SKILL.md).
    • Boundary markers: None specified for the contents of the library.
    • Capability inventory: Shell command execution via git and file writing to INDEX.md.
    • Sanitization: None; external content is stored exactly as it exists in the remote source.
Audit Metadata
Risk Level: SAFE
Analyzed: May 16, 2026, 11:27 AM