open-source-best-practices
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill's auditing functionality creates an indirect prompt injection surface because it reads and processes untrusted repository content. \n
- Ingestion points: Repository files such as README and LICENSE are read by the agent as part of the assessment process defined in github-copilot/AGENTS.md. \n
- Boundary markers: The skill explicitly instructs the agent to ignore .env files and focus on templates in github-copilot/AGENTS.md, but it lacks general delimiters for other processed file content. \n
- Capability inventory: The agent is empowered with file_writer and github_api tools to help users implement recommendations. \n
- Sanitization: There is no specified method for sanitizing or validating repository file content before processing. \n
- [EXTERNAL_DOWNLOADS]: The documentation identifies and recommends an external utility, git-history-cleaner, for the purpose of removing sensitive data from the repository's git history. \n
- Source: The utility is hosted at github.com/AndreaGriffiths11/git-history-cleaner. \n
- Execution: Users are instructed to install and run this tool via npm to ensure project security before going public.
Audit Metadata