godfetch

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches package metadata from the Google-run deps.dev API and clones public git repositories via git clone from platforms such as GitHub and GitLab.
  • [EXTERNAL_DOWNLOADS]: Utilizes the ctx7 CLI from the npm registry via bunx to retrieve library documentation snippets.
  • [COMMAND_EXECUTION]: Executes local utility scripts (scripts/git-clone.sh, scripts/get-versions.py) and standard system tools (git, gh, bunx) for its core functionality.
  • [DATA_EXFILTRATION]: No sensitive data access or exfiltration patterns were identified. Network operations are restricted to intended research APIs and public git repositories.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted content from external documentation, git repositories, and web search results, which constitutes an attack surface for indirect prompt injection.
      • Ingestion points: Output from ctx7 docs, files within cloned repositories, and WebFetch content.
      • Boundary markers: None explicitly defined in the skill for separating external content from system instructions.
      • Capability inventory: Shell command execution (bash, python3), package execution (bunx), and file system operations.
      • Sanitization: External content is used as context for the agent without explicit sanitization logic in the scripts.
Audit Metadata
Risk Level: SAFE
Analyzed: May 1, 2026, 02:21 PM