project-discovery

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses standard shell utilities (ls, find, grep, cat, jq) and the GitHub CLI (gh) to explore the target repository's structure and configuration. It also instructs the agent to identify and run development commands such as 'npm install' or 'bun run dev' as part of local setup discovery.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt-injection surface because it ingests untrusted code and documentation from the target repository in order to generate summaries and specifications. (1) Ingestion points: every file within the user-specified target repository. (2) Boundary markers: the instructions define no delimiters that isolate external content from the agent's own instructions. (3) Capability inventory: file-system exploration, text processing, and repository interaction via shell commands. (4) Sanitization: no explicit sanitization of content taken from the target repository is mentioned.
  • [SAFE]: The skill includes a dedicated sub-step for identifying hardcoded secrets in the target repository, with a strong guardrail: the agent is forbidden from pasting those secrets into any discovery documentation and must record only the file path and the risk severity.
Audit Metadata
Risk Level: SAFE
Analyzed: May 18, 2026, 07:51 PM
Security Audit — agent-trust-hub — project-discovery