orienting-codebases
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill retrieves repository archives from GitHub's API (api.github.com) using a provided GH_TOKEN. This is a legitimate operation for a codebase orientation tool and targets a well-known service.
- [COMMAND_EXECUTION]: The skill uses
uvto installtree-sitter-language-packand executes several local Python scripts (treesit.py, gather.py, build.py) located in the/mnt/skills/user/directory. These commands are used to analyze code and generate HTML artifacts. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted source code from external repositories.
- Ingestion points: Untrusted repository data is downloaded via
curland extracted to/tmp(SKILL.md). - Boundary markers: The instructions explicitly direct the agent to ensure code is "Escaped properly" within the HTML artifact.
- Capability inventory: The skill uses
treesit.py,gather.py, andbuild.pyto analyze files and write output to/mnt/user-data/outputs/(SKILL.md). - Sanitization: The skill relies on the agent's ability to escape source code and the structural enforcement of the
<details>HTML tag.
Audit Metadata