
opensrc

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses the opensrc utility to fetch source code from established package registries (npm, PyPI, crates.io) and public GitHub repositories. These files are cached locally in the user's home directory (~/.opensrc/).
  • [PROMPT_INJECTION]: Fetching and reading source code from arbitrary external repositories introduces an indirect prompt injection surface. Instructions embedded in the downloaded source (e.g., in comments or README files) could potentially influence the agent's behavior if processed without sanitization.
      • Ingestion points: External source code downloaded to ~/.opensrc/ and accessed via commands like cat, rg, or find (SKILL.md).
      • Boundary markers: No specific delimiters or instructions to ignore embedded commands are included in the prompt templates.
      • Capability inventory: The skill utilizes Bash to run opensrc, rg, cat, and find (SKILL.md).
      • Sanitization: No sanitization or validation of the remote content is performed before the agent reads it.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 08:29 AM