stock-the-library
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
git clonecommand to fetch external repositories into the local environment. This is the primary function of the skill and is triggered by user intent. - [EXTERNAL_DOWNLOADS]: Downloads repository contents from external URLs (e.g., GitHub). These downloads are restricted to user-provided or user-approved repositories.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted external data (cloned repository contents) that the agent might read in future tasks.
- Ingestion points: Files within cloned repositories (
SKILL.md). - Boundary markers: None specified for the contents of the library.
- Capability inventory: Shell command execution via
gitand file writing toINDEX.md. - Sanitization: None; external content is stored exactly as it exists in the remote source.
Audit Metadata