random-contributor
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The Bash script example in
SKILL.mduses theevalcommand to execute acurlrequest containing variables${REPO_OWNER}and${REPO_NAME}. If these variables are derived from untrusted user input and not strictly sanitized, an attacker could inject shell commands (e.g., by providing a repository name containing shell metacharacters like;or`). - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and returning data from external GitHub contributor profiles.
- Ingestion points: The skill fetches data from the GitHub API via the
/contributorsendpoint. - Boundary markers: None identified; the agent is prompted to return the login and name fields directly as JSON.
- Capability inventory: The skill provides logic for network requests (
curl,fetch) and demonstrates shell execution capabilities. - Sanitization: No sanitization or validation of the fetched contributor strings is performed before they are returned to the agent context.
- [EXTERNAL_DOWNLOADS]: Fetches contributor metadata from the official GitHub REST API.
Audit Metadata