btca-local
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's primary workflow involves cloning remote git repositories to the local directory
~/.btca/agent/sandboxusing URLs provided by the user or inferred by the agent. This results in the download of untrusted external content into the local filesystem. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted data from external repositories.
- Ingestion points: Content is retrieved from remote git repositories during the
loadandsearchsteps (SKILL.md). - Boundary markers: The instructions do not define any delimiters or system instructions to distinguish between developer commands and data contained within the searched files.
- Capability inventory: The skill uses
git clonefor network operations and filesystem search capabilities (SKILL.md). - Sanitization: No sanitization, escaping, or validation logic is present to handle potentially malicious instructions embedded in the repositories.
Audit Metadata