ghgrab
Warn
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the 'ghgrab' utility from public registries using package managers such as NPM (@ghgrab/ghgrab), Cargo (ghgrab), and Pipx (ghgrab). These packages are not authored by a verified trusted organization or the skill author.
- [COMMAND_EXECUTION]: The instructions guide the agent to execute the 'ghgrab' CLI tool in the shell to search, navigate, and download assets from remote repositories to the local environment.
- [REMOTE_CODE_EXECUTION]: The pattern of installing third-party packages from public registries and subsequently executing them on the system constitutes a remote code execution vector common to utility-installation skills.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of processing data from untrusted external sources.
  - Ingestion points: The 'ghgrab' tool fetches arbitrary file content and directory structures from external GitHub repositories.
  - Boundary markers: Absent; the instructions do not include delimiters or warnings to treat the downloaded content as untrusted data.
  - Capability inventory: The skill is granted access to powerful tools such as 'Bash', 'Write', and 'Edit' as specified in the 'allowed-tools' section of SKILL.md.
  - Sanitization: Absent; no validation or filtering of the content retrieved from GitHub is performed before it enters the agent's context.