upstream-source-research
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from external software repositories (source code, issues, pull requests). This creates a vulnerability to indirect prompt injection where an attacker could embed instructions in a repository to manipulate the agent.
- Ingestion points: Repository content via git, gh, and glab tools.
- Boundary markers: Absent; there are no instructions to the agent to disregard embedded commands in processed data.
- Capability inventory: Shell command execution (git, gh, glab) and temporary file system access in /tmp.
- Sanitization: Absent; the skill does not specify any validation or filtering of the content retrieved from repositories.
- [COMMAND_EXECUTION]: The skill directs the agent to execute shell commands using git, gh, and glab to facilitate research. While these tools are standard for the task, they represent sensitive capabilities that should be monitored when interacting with untrusted sources.
Audit Metadata