checkout
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill runs `bun i` and `bun run build`, which execute the install and build scripts defined in the checked-out repository's own configuration (its package.json scripts). If a malicious branch is checked out first, those scripts run with the agent's privileges, so whoever controls the branch controls the code that executes.
- [EXTERNAL_DOWNLOADS]: `bun i` downloads third-party packages from external registries into the local environment; the package set and versions are likewise defined by the checked-out branch.
- [PROMPT_INJECTION]: The skill accepts a user-provided branch or ref, which is an indirect prompt-injection surface.
  - Ingestion point: the user-supplied reference name in the checkout instruction.
  - Boundary markers: no delimiters or warnings are used to isolate the user-provided ref.
  - Capability inventory: the skill can execute shell commands (`bun`).
  - Sanitization: there is no evidence of input validation or sanitization for the user-provided string.
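The findings above describe two separate problems: the ref string reaches git unvalidated, and the install step runs whatever scripts the branch ships. The following shell wrapper is an added example written for this page; it is not code from the audited `checkout` skill or from the Trust Hub report. It validates the ref against git's ref-name rules in pure shell (so it runs without git installed), fully qualifies the branch before fetching so a dash-prefixed name can never be parsed as an option, and installs with lifecycle scripts disabled. It assumes, since the page does not say, that the branch lives on a remote named `origin` and that the repository is already cloned in the current directory.

```shell
#!/bin/sh
# Added example, not part of the audited skill: validate a user-supplied
# branch name before it reaches git or bun, so a crafted ref cannot be parsed
# as an option and a hostile branch cannot run code at install time.

# validate_ref NAME -> returns 0 if NAME is a well-formed, safe branch name.
# Mirrors the rules git check-ref-format enforces, plus a leading-dash check
# (git would read "-foo" as an option). Pure shell, so it needs no git.
validate_ref() {
  ref=$1
  # Empty, or starts with '-' (would be read as an option by git/bun).
  case "$ref" in
    ''|-*) return 1 ;;
  esac
  # Characters git forbids anywhere in a ref: control chars, whitespace,
  # ~ ^ : ? * [ and backslash.
  case "$ref" in
    *[[:cntrl:][:space:]~^:?*]*|*\[*|*\\*) return 1 ;;
  esac
  # Forbidden sequences and positions: component starting with '.', '..',
  # '@{', lone '@', empty component, trailing '/' or '.', '.lock' suffix.
  case "$ref" in
    .*|*/.*|*..*|*@\{*|@|*//*|*/|*.|*.lock|*.lock/*) return 1 ;;
  esac
  return 0
}

# checkout_and_build NAME: hardened form of "checkout, bun i, bun run build".
# Assumptions (not stated on the page): the branch lives on a remote named
# origin, and the repository is already cloned in the current directory.
checkout_and_build() {
  ref=$1
  validate_ref "$ref" || { printf 'refusing unsafe ref: %s\n' "$ref" >&2; return 1; }
  # Fully qualify the ref so git never sees a bare, attacker-shaped argument.
  git fetch --no-tags origin "refs/heads/$ref" || return 1
  git checkout --detach FETCH_HEAD || return 1
  # Do not run package lifecycle scripts from the untrusted branch at install time.
  # The build step still runs whatever "build" script the branch defines; that
  # is the residual risk the COMMAND_EXECUTION finding describes.
  bun install --ignore-scripts || return 1
  bun run build
}

# Constructed sample inputs (not taken from any real request); prints verdicts.
for candidate in main release/v1.2.3 '-oProxyCommand=id' 'main; rm -rf /' 'a..b'; do
  if validate_ref "$candidate"; then
    printf 'ok      %s\n' "$candidate"
  else
    printf 'reject  %s\n' "$candidate"
  fi
done
```

Note what this does and does not buy: `validate_ref` plus the `refs/heads/` prefix closes the argument-injection path, and `--ignore-scripts` stops a branch from executing code merely by being installed. `bun run build` still executes a script the branch controls, so the decision to trust a branch has to be made before that step, which is exactly why the report keeps COMMAND_EXECUTION as a finding.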
Audit Metadata