opensource-pipeline
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands using the gh (GitHub CLI) for repository creation and management, as well as mkdir, ls, and cat for managing the staging environment.
- [DATA_EXFILTRATION]: The skill inherently handles sensitive project data, including source code, potential secrets, and PII, for the purpose of sanitization. While the design aims to prevent accidental exposure by removing these elements before public release, the process involves copying and reading sensitive files within the local file system.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from the user's project files (e.g., code comments, READMEs) through specialized subagents.
  - Ingestion points: Project source files located at the {SOURCE_PATH} are read and processed by subagents.
  - Boundary markers: The prompts for the forker, sanitizer, and packager agents do not utilize explicit boundary markers or delimiters to isolate processed project content from agent instructions.
  - Capability inventory: The subagents have capabilities for file system operations, secret scanning, and generating configuration files (like setup.sh).
  - Sanitization: The skill includes a dedicated opensource-sanitizer agent specifically designed to detect and report sensitive data leaks before final publication, providing a safety gate.
Audit Metadata