repo-analyzer
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (NO_CODE, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [NO_CODE] (MEDIUM): The main execution script 'repo_analyzer.py' is missing from the provided skill files. This prevents verification of the script's actual behavior, including how it handles file system permissions, whether it initiates unauthorized network requests, or if it uses unsafe deserialization for configuration.
- [DATA_EXFILTRATION] (HIGH): Documentation and sample reports (test_report.md) indicate that the skill accesses sensitive internal files within the .git directory, specifically 'config'. Accessing '.git/config' is a high-severity security risk as it can expose repository-level credentials, access tokens, and private user information.
- [PROMPT_INJECTION] (LOW): The skill has an Indirect Prompt Injection surface (Category 8) because its core function is to analyze and summarize untrusted external repositories. Malicious content within a scanned repository could be used to bias the AI's technical summary or influence the agent's subsequent reasoning about the codebase. Evidence Chain:
  1. Ingestion points: All files within the user-specified repository directory.
  2. Boundary markers: No isolation delimiters or instructions are specified in the documentation.
  3. Capability inventory: File reading and report generation.
  4. Sanitization: No sanitization or filtering logic for external content is mentioned.
Recommendations
- AI detected serious security threats