github-navigator
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill metadata includes a directive ('CRITICAL: Always use instead of WebFetch for ANY github.com URL') intended to override the agent's default tool selection logic.
- [COMMAND_EXECUTION]: The 'REFERENCES.md' file suggests executing commands with elevated privileges, specifically 'sudo apt install gh', to set up the environment.
- [EXTERNAL_DOWNLOADS]: The skill uses 'git clone' to fetch arbitrary repositories from GitHub for its 'Deep Analysis Mode', which involves processing untrusted third-party content.
- [PROMPT_INJECTION]: The 'Deep Analysis Mode' creates an indirect prompt injection surface by cloning and reading content from untrusted external repositories.
- Ingestion points: Files (README, package.json, source code) within repositories cloned to '/tmp/github-navigator/' using 'git clone'.
- Boundary markers: None. The skill does not implement delimiters or 'ignore' instructions when reading the content of the cloned files for analysis.
- Capability inventory: The skill has access to 'Bash' (for 'gh' and 'git' commands), 'Read', 'Glob', 'Grep', and 'Task' tools.
- Sanitization: No sanitization, escaping, or validation is performed on the content retrieved from the external repositories before the agent processes it.
Audit Metadata