source-investigator

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it clones and parses source code from external repositories that could contain malicious instructions.
      • Ingestion points: SKILL.md (Workflow Step 3) describes cloning repositories from external URLs.
      • Boundary markers: Absent. The workflow does not instruct the agent or its subagents to use isolation markers or ignore instructions embedded in the source code.
      • Capability inventory: SKILL.md (Workflow Steps 2 and 4) describes creating directories, modifying files, and spawning subagents to analyze code.
      • Sanitization: Absent. Content fetched from external repositories is not sanitized before being read by subagents.
  • [COMMAND_EXECUTION]: The skill executes system-level commands to manage the environment and retrieve data.
      • Evidence: Workflow steps in SKILL.md involve creating the .tmp/ directory, updating .gitignore, and running git clone.
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations to download remote codebases.
      • Evidence: Workflow Step 3 in SKILL.md explicitly directs the agent to git clone repositories from user-provided or discovered URLs.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 17, 2026, 03:40 PM