
oss-docs

Audit result: Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (SAFE): The skill uses the Bash tool to perform local repository analysis.
  • Evidence: SKILL.md (Phase 0) uses shell scripts to detect project languages (Go, Python, JS, Rust) and types (CLI, Operator, Helm) based on the presence of configuration files like go.mod, package.json, and Cargo.toml.
  • Evidence: scripts/validate.sh performs local file existence checks and pattern matching using grep to ensure the skill is correctly installed.
  • PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it reads and processes external data from the user's repository.
  • Ingestion points: The audit command uses Read, Glob, and Grep on arbitrary files within the target repository (e.g., existing README.md, CONTRIBUTING.md).
  • Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore potentially malicious instructions embedded within the files being audited.
  • Capability inventory: The skill has access to Bash, Write, and Edit, and is explicitly instructed in SKILL.md and references/beads-patterns.md to perform a git push to a remote repository.
  • Sanitization: No sanitization or validation of the ingested repository content is performed before the agent processes it.
  • DATA_EXFILTRATION (SAFE): The skill contains a 'MANDATORY WORKFLOW' that instructs the agent to 'PUSH TO REMOTE'. While this involves network activity and sending data to an external server, it is the primary intended purpose of the skill (maintaining OSS repositories) and targets the user's configured remote, not an attacker-controlled endpoint.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 20, 2026, 01:09 AM