github-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted data from git commits which could influence agent behavior or report generation.\n
- Ingestion points: Commit data (messages, authors) is read from
commits.jsoninscripts/analyze_commits.pyandscripts/calculate_leaderboard.py.\n - Boundary markers: Data is interpolated directly into analysis results and report templates without delimiters or instructions to ignore embedded commands.\n
- Capability inventory: The skill utilizes file system access and shell command execution (
grep,git,npm).\n - Sanitization: No input validation or sanitization is performed on the commit data. Specifically,
scripts/generate_report.pyinjects author names and commit messages into HTML templates without escaping, introducing a cross-site scripting (XSS) risk.\n- [COMMAND_EXECUTION]: The skill instructs the agent to run various shell commands for local repository analysis.\n - Evidence: Examples in
SKILL.mdusegrepandgit logto extract code complexity and churn metrics.\n - Evidence: The skill suggests running
npm testandpytestfor coverage analysis.
Audit Metadata