osint

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a sequence of shell commands using tools like the GitHub CLI (gh), git, trufflehog, and gitleaks to perform discovery and scanning of remote repositories.
  • [EXTERNAL_DOWNLOADS]: Clones external codebases from public platforms such as GitHub and GitLab to the local environment to facilitate deep history analysis and configuration auditing.
  • [PROMPT_INJECTION]: Creates an attack surface for indirect prompt injection, because the agent ingests untrusted data from external repositories (e.g., package.json, Gemfile, or CI/CD configs) into its context. The instructions lack boundary markers or sanitization steps that would prevent the agent from following instructions embedded in the scanned repository files while it exercises capabilities such as file system access or network requests.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 01:29 PM
Security Audit — agent-trust-hub — osint