Create Skill
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill accepts arbitrary repository URLs (repo_link) and reference URLs (references) to fetch content from external, untrusted sources.
- [COMMAND_EXECUTION]: The skill clones external repositories based on user input, which typically involves executing system-level commands such as git clone.
- [PROMPT_INJECTION]: The skill is highly susceptible to indirect prompt injection as it ingests data from external repositories or documents and uses that content to generate new agent instructions (SKILL.md).
  * Ingestion points: repo_link and references parameters in SKILL.md.
  * Boundary markers: No delimiters or safety instructions are present in the skill.global.md template to prevent the agent from obeying instructions embedded in the source material.
  * Capability inventory: The skill possesses the ability to write to the local file system (in .agents/skills/) and access the network.
  * Sanitization: There is no evidence of content sanitization or validation for the data retrieved from external sources.
- [REMOTE_CODE_EXECUTION]: The requirement to perform a 'full project analysis' after cloning a repository suggests that the agent may interpret or execute code found within the untrusted repository to understand its structure and functionality.