gitload
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill uses
npx gitload-clito download and execute code from the public NPM registry at runtime. This package does not originate from a recognized trusted organization. - [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands including
npx,gitload, andnpm install -g. - [EXTERNAL_DOWNLOADS]: The skill fetches content from arbitrary GitHub URLs which may contain untrusted code or data.
- [CREDENTIALS_UNSAFE]: The skill provides instructions for using GitHub Personal Access Tokens via command-line flags (
--token) or environment variables (GITHUB_TOKEN). While used for authentication, this requires the agent to handle and potentially expose sensitive secrets. - [PROMPT_INJECTION]: A vulnerability surface for indirect prompt injection exists because the skill downloads data from external GitHub repositories. 1. Ingestion points:
gitload <URL>in SKILL.md. 2. Boundary markers: None present. 3. Capability inventory: Shell command execution (npx,gitload), file system access. 4. Sanitization: No sanitization or validation of the downloaded content is specified.
Audit Metadata