debugging-with-opensrc

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute various shell commands, including bun run opensrc:sync, bun run opensrc:use, and opencode run, primarily for environment synchronization and debugging tasks.
  • [EXTERNAL_DOWNLOADS]: The opensrc:use command enables fetching external content from npm and GitHub. While the documentation highlights well-known libraries such as TanStack, TRPC, and Drizzle, this mechanism allows the introduction of external code into the local environment.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it directs the agent to analyze and act upon content from external source code repositories.
    • Ingestion points: Files located within the opensrc/repos/github.com/ directory.
    • Boundary markers: The skill lacks explicit instructions or delimiters to ensure the agent ignores potential malicious directives embedded in the analyzed source code.
    • Capability inventory: The agent uses file-reading tools (mcp_read, mcp_grep) and command execution wrappers (bun, opencode).
    • Sanitization: No sanitization or validation of the external repository content is performed before analysis.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 08:52 AM