github-repo-analyzer

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands to clone repositories and gather metadata using Git.
    • Evidence: SKILL.md specifies executing git clone to retrieve remote code. scripts/repo_info.py executes multiple git commands (log, branch, rev-list) via subprocess.run.
  • [CREDENTIALS_UNSAFE]: The skill is designed to read and use a Notion API key stored in a local configuration file for authentication.
    • Evidence: scripts/notion_sync.py reads from ~/.config/notion/api_key. While this is a standard practice for CLI tools, the file is identified as a sensitive credential path.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted Markdown and code files from user-specified GitHub repositories through LLM analysis tools.
    • Ingestion points: Repository files (README, source code, config files) cloned into the repo/ subdirectory (identified in SKILL.md).
    • Boundary markers: No explicit instruction-ignoring delimiters or boundary markers are defined for the analysis phase in SKILL.md.
    • Capability inventory: The skill utilizes git clone for data ingestion and provides reports to the user; it also has the capability to write to the Notion API via scripts/notion_sync.py.
    • Sanitization: There is no evidence of content sanitization or instruction filtering before the repository data is processed by the analysis tools.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 20, 2026, 10:53 AM