open-source-checker
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell commands (git, grep, find) and security CLI tools to perform automated repository audits for sensitive information.\n- [EXTERNAL_DOWNLOADS]: Instructions include downloading and installing security tools from established platforms such as GitHub and Maven Central.\n- [DATA_EXFILTRATION]: The skill is designed to locate sensitive files and credentials (e.g., .env files, SSH keys, AWS config). This access is intended for auditing and occurs within the local environment without unauthorized external transmission.\n- [PROMPT_INJECTION]: Presents an indirect prompt injection surface as it analyzes content from external repositories.\n
- Ingestion points: Processes files and git history via git grep and git log in references/full-guide.md.\n
- Boundary markers: No explicit delimiters are used in the auditing commands to isolate untrusted content.\n
- Capability inventory: Access to shell execution, package installation, and sensitive file reading.\n
- Sanitization: No data validation or sanitization is applied to the content being audited.
Audit Metadata