github-deep-research
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Prompt Injection (HIGH): The skill is highly susceptible to Indirect Prompt Injection. It ingests untrusted data from GitHub repositories and external web pages using
web_fetchandscripts/github_api.py. Evidence: 1. Ingestion points:scripts/github_api.py(fetching readme, issues, prs) andweb_fetch. 2. Boundary markers: Absent (no delimiters or instructions to ignore embedded commands). 3. Capability inventory: Executespythonscripts and performs file-write operations. 4. Sanitization: Absent. Malicious instructions in a repository or webpage could override agent logic. - Command Execution (MEDIUM): The skill instructs the agent to execute shell commands to run
scripts/github_api.py. Since the script content is not included in the skill files, it is an unverifiable dependency. There is a risk of command injection if the script does not properly sanitize the<owner>,<repo>, or<topic>arguments derived from user input.
Recommendations
- AI detected serious security threats
Audit Metadata