vs-octocode-research
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to execute a local shell command (npm run server-init) to start the background server process that powers its tools.
- [DATA_EXFILTRATION]: The README documentation states that usage telemetry, such as command counts and error rates, is collected for improvement purposes, with a documented opt-out mechanism provided via environment variables.
- [EXTERNAL_DOWNLOADS]: Installation of the skill involves downloading assets from a GitHub repository and installing dependencies using Node Package Manager.
- [PROMPT_INJECTION]: The skill is designed to ingest and process content from untrusted external sources, including GitHub repositories and package registries, which creates an attack surface for indirect prompt injection.
- Ingestion points: External code and metadata are retrieved via GitHub and npm API tools and read into the agent's context.
- Boundary markers: The prompt instructions do not specify the use of delimiters or 'ignore' directives to isolate the retrieved external content from the agent's core instructions.
- Capability inventory: The skill has the ability to read and write files (for checkpoints), perform network requests, and execute local setup commands.
- Sanitization: There is no evidence of specific sanitization or validation logic applied to the content fetched from remote sources before it is analyzed by the agent.
Audit Metadata