repo-story-time
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to run multiple PowerShell and Git commands to extract repository metrics and structure. It explicitly encourages the agent to use 'best judgment' to run additional, unspecified commands based on the output of previous steps.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and analyzes data from untrusted sources (the repository being analyzed) without sufficient safeguards.
  - Ingestion points: Repository file names, directory structures, and git commit history (including commit messages) accessed in Phase 1 and Phase 3 of SKILL.md.
  - Boundary markers: There are no instructions or delimiters provided to ensure the agent distinguishes between its own instructions and potentially malicious content within the analyzed repository.
  - Capability inventory: The agent is authorized to write files to the repository root using the editFiles tool and execute arbitrary shell commands.
  - Sanitization: The skill does not implement any sanitization or validation of the data retrieved from the repository before it is used to generate the summary files or influence further command execution.