localref
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch resources from arbitrary external URLs using tools like git clone and curl, which leads to the ingestion of untrusted content into the local environment.
- [COMMAND_EXECUTION]: The workflow relies on executing shell commands such as git clone and curl based on external or user-provided input.
- [DATA_EXFILTRATION]: Outbound network operations are performed to retrieve external data. While intended for cloning or downloading, this represents a general outbound connection capability to arbitrary domains.
- [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface by reading and processing external data from potentially untrusted repositories. Ingestion points: Files cloned or downloaded into /tmp/ and read by the agent. Boundary markers: Absent; no instructions are provided to treat the external content as untrusted. Capability inventory: Includes git clone, curl, and file system search/read. Sanitization: Absent; the skill does not specify any validation or filtering of external content before processing.
Audit Metadata