Skills
skills/petrbui/skills/gaphunter/Gen Agent Trust Hub

gaphunter

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface.
  • Ingestion points: SKILL.md (Local and GitHub repository scanning in "Deep Mode").
  • Boundary markers: Present. The skill instructs the agent to skip files containing instruction-like patterns (e.g., SYSTEM:, Ignore previous) and specifies that file content should be treated as data only.
  • Capability inventory: The skill utilizes file reading tools, the GitHub CLI (gh api), and writes to a local progress file (~/.adaptive-teacher-progress.md).
  • Sanitization: Includes logic to filter out potentially malicious files and ignore invisible characters.
  • [COMMAND_EXECUTION]: Usage of GitHub CLI and File Tools.
  • The skill executes gh api commands to retrieve repository data and git log for local analysis. These operations are scoped to repositories explicitly provided by the user and are intended for the skill's primary functionality.
  • [EXTERNAL_DOWNLOADS]: Documentation and Repository Data Retrieval.
  • Fetches documentation via the @upstash/context7-mcp tool and repository information via the official GitHub API. These are well-known services used for the skill's core functionality.
Audit Metadata
Risk Level
SAFE
Analyzed
May 10, 2026, 09:57 PM