octocode-rfc-generator

Warn

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill suggests installing and running the 'octocode-mcp' server using the 'npx -y' command. This pattern downloads and executes code from a remote registry at runtime.
  • [COMMAND_EXECUTION]: Employs shell-based tools such as 'curl' and the GitHub CLI ('gh') to perform network research and interact with external repositories.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it fetches and processes untrusted content from the web to draft RFCs.
  • Ingestion points: External content from GitHub, npm, and general web URLs (via WebFetch).
  • Boundary markers: Absent; there is no explicit separation between instructions and the untrusted data being researched.
  • Capability inventory: Shell execution, filesystem writing, and network fetching.
  • Sanitization: Absent; fetched data is incorporated into the draft without validation or filtering.
  • [DATA_EXFILTRATION]: The skill's ability to read local codebase files combined with its network tools ('curl', 'WebFetch') creates a technical surface for the exfiltration of sensitive information during the research process.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 12, 2026, 10:22 AM