git-city-3d-github-visualization

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE [EXTERNAL_DOWNLOADS] [CREDENTIALS_UNSAFE] [PROMPT_INJECTION]
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs users to clone a third-party project from 'https://github.com/srizzon/git-city.git' and execute 'npm install', which downloads external dependencies.
  • [CREDENTIALS_UNSAFE]: Setup involves configuring environment variables such as 'SUPABASE_SERVICE_ROLE_KEY' and 'GITHUB_TOKEN' for local project access.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by ingesting untrusted data from GitHub profiles and repositories.
    • Ingestion points: Profile and repository data are fetched via 'lib/github.ts' from the GitHub API.
    • Boundary markers: No explicit delimiters or instructions to ignore embedded content are present in the provided patterns.
    • Capability inventory: The skill interacts with Supabase for data persistence ('app/actions/kudos.ts') and utilizes authentication state.
    • Sanitization: Provided code snippets do not demonstrate sanitization of external text inputs before rendering or metadata generation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 18, 2026, 10:47 PM