github-star-tracker

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill possesses a data ingestion surface that is vulnerable to indirect injection via malicious repository metadata.
  • Ingestion points: The script fetches repository names, descriptions, and topics from the GitHub API (StarTracker.get_starred_repos).
  • Boundary markers: No explicit sanitization or boundary markers are used when interpolating this data into the HTML dashboard.
  • Capability inventory: The skill writes local HTML/JS files and performs network requests to GitHub and OpenAI.
  • Sanitization: In scripts/dashboard_generator.py, the _generate_simple_html function uses .innerHTML to render project descriptions (p.description). An attacker-controlled repository with a malicious description (e.g., containing <script> tags) could execute arbitrary JavaScript in the user's browser when the dashboard is opened.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 20, 2026, 12:30 PM