github-code-interpreter

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION

Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes subprocess.run within a local Python script to execute git, tree, find, and wc for repository analysis. It also runs a provided shell script scripts/review.sh to monitor analysis status.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the cloning of external GitHub repositories to the local filesystem using git clone based on user-provided URLs.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from repository files like README.md and source code (Ingestion points: SKILL.md Section 4). No explicit boundary markers or instructions to ignore embedded commands are provided (Boundary markers). The system provides capabilities for local script execution and filesystem access (Capability inventory), while sanitization is limited to regex-based URL validation (Sanitization).
  • [DATA_EXFILTRATION]: The skill accesses specific personal context files located at ~/Documents/coding/our/skills-wuming/ to incorporate personal insights into the reports. This direct access to sensitive local file paths represents a data exposure risk within the generated output.

Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 05:12 AM