enterprise-readiness
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from the repository being analyzed, such as README.md, source code, and CI/CD configuration files. This introduces an attack surface for indirect prompt injection (Category 8), where instructions embedded in the analyzed repository could attempt to influence the agent's assessment behavior.
- Ingestion points: The skill reads various files from the target repository, including markdown documentation and YAML workflow files.
- Boundary markers: There are no explicit delimiters or specific instructions to ignore embedded prompts when the agent processes these files.
- Capability inventory: The skill possesses significant capabilities, including file system access (Read/Write), network interaction via the GitHub CLI (gh), and execution of arbitrary shell commands.
- Sanitization: The skill performs diagnostic checks but does not sanitize the content before it is processed by the AI agent's reasoning engine.
- [COMMAND_EXECUTION]: The skill includes several scripts (e.g., verify-reproducible-build.sh, analyze-bus-factor.sh) that execute system commands. While the scripts use allowlists and deterministic patterns to minimize risk, they represent an active surface for command execution on the host environment.
Audit Metadata