repo-intake

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/intake_cached.js and its sub-scripts use child_process.spawnSync to execute git and node commands. This is used to gather repository metadata (commit hashes, remote URLs, file lists) and execute internal scanning logic.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing untrusted data from the repository being scanned.
      • Ingestion points: The tool ingests the repository file tree and the contents of various manifest files such as package.json, go.mod, and Cargo.toml.
      • Boundary markers: The output provided to the agent lacks explicit delimiters or instructions to ignore embedded commands within the ingested data.
      • Capability inventory: The skill is configured with powerful tools including Bash, Read, Write, Grep, and Glob in SKILL.md.
      • Sanitization: While internal cache paths use a slugification function, the metadata and project overview presented to the agent are not sanitized to prevent malicious content from influencing agent behavior.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 20, 2026, 07:24 PM