github-repo-analyzer
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTIONCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill clones and analyzes untrusted third-party content from external GitHub repositories, creating a risk for indirect prompt injection.\n
- Ingestion points: The
git cloneoperation in the workflow downloads external repository content into a local directory for analysis.\n - Boundary markers: Absent; there are no explicit instructions to the AI to ignore embedded commands or instructions found within the repository files.\n
- Capability inventory: The skill executes shell commands via
git(inscripts/repo_info.py) and performs network requests toapi.notion.com(inscripts/notion_sync.py).\n - Sanitization: The skill does not perform filtering or sanitization of repository content before it is processed by analysis tools.\n- [CREDENTIALS_UNSAFE]: The script
scripts/notion_sync.pyreads a sensitive credential from~/.config/notion/api_key. While this is the intended configuration method for the Notion integration, it involves accessing a sensitive file path.\n- [COMMAND_EXECUTION]: The scriptscripts/repo_info.pyutilizes thesubprocessmodule to executegitcommands for extracting repository metadata and statistics.\n- [EXTERNAL_DOWNLOADS]: The skill usesgit cloneto download source code from arbitrary GitHub repositories provided by the user as part of its core functionality.
Audit Metadata