Skills
skills/aussiegingersnap/cursor-skills/tools-repo-review/Gen Agent Trust Hub

tools-repo-review

Warn

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the subprocess module to execute git and gh (GitHub CLI) commands for cloning, fetching, and listing repositories. It also scans the local filesystem at ~/Code to discover existing repositories.
  • [REMOTE_CODE_EXECUTION]: The Python script repo_review_om.py dynamically imports matplotlib within the create_dot_plot function. While used for optional visualization charts, this pattern involves dynamic loading of external code.
  • [PROMPT_INJECTION]: The skill has a high surface for indirect prompt injection as it processes untrusted data from external GitHub repositories.
  • Ingestion points: Commit messages, author names, and code contents retrieved via git log and git clone in SKILL.md and scripts/repo_review_om.py.
  • Boundary markers: No explicit delimiters or 'ignore instructions' warnings are present when repository data is provided to the agent.
  • Capability inventory: The skill can execute shell commands (git, gh) and write files (CSV, PNG) to the local filesystem.
  • Sanitization: No sanitization of commit messages or repository code is performed before inclusion in the agent's context, potentially allowing malicious commit data to influence management outputs.
  • [EXTERNAL_DOWNLOADS]: The skill clones repositories from GitHub using the git clone command. This targets a well-known service (GitHub) and is documented as a safe operation for the skill's intended purpose.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 25, 2026, 12:03 PM