orienting-codebases

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill retrieves repository archives from GitHub's API (api.github.com) using a provided GH_TOKEN. This is a legitimate operation for a codebase orientation tool and targets a well-known service.
  • [COMMAND_EXECUTION]: The skill uses uv to install tree-sitter-language-pack and executes several local Python scripts (treesit.py, gather.py, build.py) located in the /mnt/skills/user/ directory. These commands are used to analyze code and generate HTML artifacts.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted source code from external repositories.
  • Ingestion points: Untrusted repository data is downloaded via curl and extracted to /tmp (SKILL.md).
  • Boundary markers: The instructions explicitly direct the agent to ensure code is "Escaped properly" within the HTML artifact.
  • Capability inventory: The skill uses treesit.py, gather.py, and build.py to analyze files and write output to /mnt/user-data/outputs/ (SKILL.md).
  • Sanitization: The skill relies on the agent's ability to escape source code and the structural enforcement of the <details> HTML tag.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 06:02 AM
Security Audit — agent-trust-hub — orienting-codebases