generate-repo-instructions

Warn

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: MEDIUM | DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill instructs the agent to access sensitive file paths and scan for credentials as part of its repository analysis phase. Specifically, it directs the agent to read .env files and search the codebase for hardcoded secrets such as API keys, passwords, and tokens. While the stated goal is to identify and exclude these secrets from the generated documentation, the act of reading and processing these values in the agent's context window creates an exposure risk.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it performs LLM-driven synthesis of instructions based on untrusted repository content.
    • Ingestion points: The skill reads README.md, CONTRIBUTING.md, and samples multiple source code files across the repository.
    • Boundary markers: None; there are no instructions to use delimiters or to treat the ingested content as untrusted data.
    • Capability inventory: The skill has the capability to write files (.github/copilot-instructions.md) and create directories (mkdir -p) on the local file system.
    • Sanitization: None; the skill synthesizes findings directly from the analyzed files into the final instruction template without escaping or validation.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands (cat, mkdir) to read internal references and prepare the output directory. It explicitly instructs the agent to perform these actions autonomously without requesting user permission, which reduces human oversight.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 27, 2026, 08:56 PM