octocode-researcher
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process untrusted code from external repositories.
  * Ingestion points: The githubSearchCode and githubGetFileContent tools (SKILL.md) allow the agent to fetch content from any public GitHub repository.
  * Boundary markers: There are no explicit instructions or delimiters to separate untrusted external code from the agent's instructions.
  * Capability inventory: The skill possesses significant capabilities, including local file searching (localSearchCode), cloning remote repositories (githubCloneRepo), and executing shell commands (references/fallbacks.md).
  * Sanitization: Content retrieved from external sources is passed to the agent without sanitization.
- [REMOTE_CODE_EXECUTION]: The skill recommends that the user install the octocode-mcp package via npx (SKILL.md). While identified as a vendor resource, this involves downloading and executing code from a remote registry.
- [EXTERNAL_DOWNLOADS]: The githubCloneRepo tool (SKILL.md) enables the agent to download entire codebases from external sources to the local filesystem at ~/.octocode/repos/.
- [COMMAND_EXECUTION]: The skill utilizes powerful command-line tools like gh, git, and ripgrep, and provides a Shell tool for arbitrary command execution in its Tier 3 fallback mode (references/fallbacks.md).
Audit Metadata