run-agent
Warn
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill demonstrates the execution of agents directly from remote Git repositories using the -r flag (e.g., gitagent run -r https://github.com/user/agent). This allows the agent to download and run logic from arbitrary third-party sources, which may contain malicious code or unintended instructions.
- [COMMAND_EXECUTION]: The skill utilizes a CLI tool (gitagent) to perform system-level operations, including cloning remote repositories to a local cache at ~/.gitagent/cache/ and launching processes for various agent adapters.
- [EXTERNAL_DOWNLOADS]: The skill promotes downloading content from external Git repositories. While the examples use placeholders, the functionality encourages the retrieval of unverified data from the internet.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from remote repositories and local framework files. Ingestion points: remote repository contents, .cursorrules, crew.yaml, and .gitagent_adapter files. Boundary markers: the skill does not define specific delimiters or instructions to prevent the agent from obeying embedded instructions in these files. Capability inventory: the tool can clone repositories, write to a local cache, and execute agent logic. Sanitization: there is no evidence of content sanitization or safety checks performed on the downloaded repository data before it influences the agent's behavior.
Audit Metadata