python-repo-quickstart

Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill's instructions (SKILL.md) prompt the agent to identify and recommend the installation of dependencies via pip install -r requirements.txt or other package managers. Following these recommendations on a malicious repository can lead to the installation of compromised packages or the execution of malicious setup scripts, resulting in remote code execution.
  • [COMMAND_EXECUTION]: The skill directs the agent to locate entry points and provide commands for running the application (e.g., python main.py). If the agent or user executes these on an untrusted repository, it facilitates the execution of potentially malicious code on the host system.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted data from repository files.
    - Ingestion points: Repository content, including README files and code structure, is scanned by the analyze_repo.py script.
    - Boundary markers: There are no explicit delimiters or instructions to treat repository data as non-authoritative content, allowing malicious instructions within the repo to potentially influence the agent's behavior.
    - Capability inventory: The agent is empowered to generate and provide system-level commands based on the analysis.
    - Sanitization: The skill does not sanitize or validate extracted strings (like project descriptions or usage instructions) before including them in the generated output.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 6, 2026, 10:21 PM