github-researcher
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEDATA_EXFILTRATION
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The skill contains a hardcoded absolute file path for a specific local user environment.
- Evidence: The default report path
/Users/lytton/mac_wps_clound/Obsidian笔记知识库/调研分析reveals the local system's username ('lytton') and internal directory structure. This information could be used to map a target's file system. - [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process large amounts of untrusted data from external GitHub repositories, creating an attack surface for indirect prompt injection.
- Ingestion points: Data is pulled from GitHub README.md files, Issues, Discussions, and Release pages.
- Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands within the gathered content.
- Capability inventory: The agent possesses the capability to write files to the local disk using the
Writetool. - Sanitization: There is no mention of sanitizing or escaping the content retrieved from GitHub before it is included in the final report or processed by the agent.
Audit Metadata