skill-fix-logs
Warn
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's instructions direct the agent to execute the repomix command-line tool to summarize GitHub repositories.
- [EXTERNAL_DOWNLOADS]: The skill explicitly suggests that the agent should install the repomix tool from an external source (https://repomix.com/guide/installation) if it is not already available on the system. This involves downloading software from a source not recognized as a trusted organization or well-known service.
- [PROMPT_INJECTION]: The skill processes untrusted data from logs.txt and external URLs (including GitHub repositories), which presents a surface for indirect prompt injection.
  - Ingestion points: The agent reads logs.txt from the project root and crawls user-provided URLs or GitHub repositories using Explorer subagents.
  - Boundary markers: There are no boundary markers or instructions to treat the content of the logs or external sites as untrusted data or to ignore embedded commands.
  - Capability inventory: The agent has the ability to execute shell commands, perform network requests via subagents, and use powerful skills like claude-code and skill-creator to modify other skills.
  - Sanitization: No input validation, escaping, or sanitization mechanisms are defined for the data ingested from logs or remote sources before it is processed by the agent.
Audit Metadata