Skills
skills/famaoai-creator/gemini-skills/knowledge-harvester/Gen Agent Trust Hub

knowledge-harvester

Fail

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: In src/lib.ts, the harvestRepository function uses execSync to run a git clone command. The repoUrl argument, supplied by the user via command-line arguments, is interpolated directly into the command string without any sanitization or validation. This allows an attacker to execute arbitrary shell commands by providing a malicious URL containing shell metacharacters (e.g., ;, &, |, or backticks).
  • [PROMPT_INJECTION]: The skill clones and extracts data from untrusted external repositories to generate documentation and knowledge bases, creating a risk of indirect prompt injection.
  • Ingestion points: External files cloned from Git repositories (src/lib.ts).
  • Boundary markers: None identified in the source code or skill instructions.
  • Capability inventory: Subprocess execution (execSync), directory reading (fs.readdirSync), and file system write (safeWriteFile).
  • Sanitization: No sanitization or filtering of external content is performed before indexing or processing.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 6, 2026, 01:09 AM