Skills
skills/blessonism/github-explorer-skill/github-explorer/Gen Agent Trust Hub

github-explorer

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The documentation instructs users to install the skill and its dependencies using npx skills add and git clone from GitHub repositories owned by an untrusted user (blessonism). These sources are not part of the defined Trusted GitHub Organizations.
  • COMMAND_EXECUTION (HIGH): The installation instructions involve running shell commands (npx, git clone, ln -s) that download and execute or link external code into the agent's environment.
  • PROMPT_INJECTION (LOW): [Indirect Prompt Injection Surface] The skill's primary purpose is to ingest and process data from uncontrolled external sources, which is a classic vector for indirect prompt injection.
  • Ingestion points: Fetches data from GitHub Issues, Commits, Zhihu, V2EX, WeChat, Twitter, Medium, and Dev.to.
  • Boundary markers: None mentioned in the README to separate untrusted data from system instructions.
  • Capability inventory: Utilizes web_search, web_fetch, and browser tools, and can trigger the installation of additional skills.
  • Sanitization: No mention of content sanitization, filtering, or validation before the AI processes the retrieved data.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 05:44 PM