sdk-adoption-tracker

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands and Python scripts via heredocs to manage the workflow, including GitHub API requests and local file processing.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingests untrusted data from the GitHub API (repository descriptions, owner bios, and names) and uses this content to generate outreach briefs.
  • Ingestion points: GitHub Code Search, User, and Organization APIs (processed in SKILL.md and scripts/fetch.py).
  • Boundary markers: Absent. No delimiters or instructions are used to separate external data from the system prompt during brief generation.
  • Capability inventory: File writes to the local project directory and standard API network operations.
  • Sanitization: No validation or filtering is performed on the data retrieved from GitHub before interpolation.
  • [SAFE]: The skill uses ssl._create_unverified_context() in SKILL.md and scripts/fetch.py, which disables TLS certificate verification for its network requests. This violates best practice and could in principle expose the API communication to a man-in-the-middle attacker, though the impact is limited to GitHub API data.
  • [SAFE]: The network operations are restricted to the well-known and trusted GitHub API service.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 15, 2026, 05:54 PM
Security Audit — agent-trust-hub — sdk-adoption-tracker