skills/s-hiraoku/synapse-a2a/opensrc/Gen Agent Trust Hub

opensrc

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill is designed to fetch external source code from public package registries including npm, PyPI, and crates.io, as well as directly from GitHub repositories. These downloads are performed to populate a local cache at ~/.opensrc/ for the purpose of source code analysis.
  • [COMMAND_EXECUTION]: Execution of the opensrc command-line tool is required to resolve dependency paths and manage the local source cache. The tool performs network operations to fetch code and file system operations to read project lockfiles (e.g., package-lock.json, pnpm-lock.yaml) for version resolution.
  • [PROMPT_INJECTION]: The skill facilitates the ingestion of external, third-party source code into the agent's context. This introduces a surface for indirect prompt injection if the downloaded code contains malicious instructions or comments specifically designed to manipulate an AI agent's behavior.
  • Ingestion points: Content retrieved via opensrc path <pkg> and subsequently read using tools like cat or rg enters the agent context.
  • Boundary markers: None explicitly defined in the skill instructions.
  • Capability inventory: Uses Bash(opensrc:*) for system interaction.
  • Sanitization: None specified for the content of the retrieved source files.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 05:45 PM
Security Audit — agent-trust-hub — opensrc