solo-github-outreach

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it fetches and processes untrusted documentation and source code from external GitHub repositories to inform its evaluation and drafting logic.
    – Ingestion points: README.md and Cargo.toml files are fetched via gh api in scripts/evaluate.py.
    – Boundary markers: Absent. The agent is instructed to directly interpret the content to understand project goals and detect features.
    – Capability inventory: The agent can execute commands via subprocess.run, perform git clone operations, and modify the local file system.
    – Sanitization: No sanitization or filtering of external content is performed before the agent processes it for decision-making.
  • [EXTERNAL_DOWNLOADS]: The skill fetches repository metadata and file contents from GitHub using the gh api tool. These operations target a well-known service (GitHub) and are used for the skill's stated purpose of repository evaluation.
  • [COMMAND_EXECUTION]: The scripts enrich.py and evaluate.py use subprocess.run to call the GitHub CLI. While the implementation follows best practices by using list-based arguments rather than shell strings, the skill relies on external command execution for its core functionality.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 5, 2026, 09:51 AM