setup-repo
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes `git init` in the working directory during the repository initialization phase (Step 3).
- [EXTERNAL_DOWNLOADS]: The skill fetches external agent instructions via the `awesome-copilot-search_instructions` and `awesome-copilot-load_instruction` tools to install new capabilities into the project repository (Step 8).
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) during the automated installation of skills.
  - Ingestion points: Untrusted data enters the agent context via the `awesome-copilot-load_instruction` tool call which fetches external Markdown files.
  - Boundary markers: No boundary markers or "ignore embedded instructions" warnings are used when writing the downloaded content to the `.agents/skills/` directory.
  - Capability inventory: The skill possesses significant capabilities including shell command execution (`git init`) and project-wide file write access (hooks, configuration, and skill files).
  - Sanitization: There is no evidence of sanitization or content validation performed on the external instructions before they are saved and potentially executed by the agent.
Audit Metadata