find-examples
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands including
mkdir,cd, andgit clone. It also runs a local Python scriptscripts/github_search.pyto interface with the GitHub API. - [EXTERNAL_DOWNLOADS]: The skill performs network requests to GitHub's official API (
api.github.com) to search for repositories. It subsequently clones entire repositories from external URLs provided by the search results. While GitHub is a well-known service, the specific content within the cloned repositories is untrusted and originates from various third-party authors. - [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests and processes untrusted external data.
- Ingestion points: Content from any repository cloned into the
_examples/directory, which the agent is instructed to read using tools likesmart_readorgrep_search. - Boundary markers: Absent. There are no instructions provided to wrap the external content in delimiters or to ignore embedded instructions found within the cloned code or README files.
- Capability inventory: The skill possesses the ability to create directories, clone repositories, and execute a search script using the
requestslibrary. The agent environment likely includes additional tools for file reading and processing. - Sanitization: Absent. The skill does not perform any validation, filtering, or escaping of the content found in the third-party repositories before the agent inspects it.
Audit Metadata