reference-seek
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE (flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches raw source code from GitHub via `raw.githubusercontent.com` to provide implementation examples to the user. This domain is a well-known service and the operation is central to the skill's purpose.
- [COMMAND_EXECUTION]: The skill executes shell commands using the GitHub CLI (`gh api`) to search for repositories and retrieve file trees. It also uses `curl` to download file contents. These commands implement the core search and retrieval functionality.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it ingests and displays code from arbitrary GitHub repositories selected by user-provided topics, so any public repository can become an input.
  - Ingestion points: Raw code is fetched from GitHub repositories using `curl` in Step 3.
  - Boundary markers: External content is displayed within markdown code blocks in the synthesis step.
  - Capability inventory: The skill can execute shell commands (`gh`, `curl`) and use an internal `Explore` subagent to search the local codebase.
  - Sanitization: There is no explicit sanitization or filtering of the external code content before it is processed or presented to the user. Because the same agent that reads the fetched code can also run `gh` and `curl` and search the local codebase, instructions embedded in a fetched file reach a model that holds those capabilities; the markdown code blocks mark the content as quoted but do not by themselves stop it from being read as instructions.
Audit Metadata