skills/fradser/dotclaude/code-context/Gen Agent Trust Hub

code-context

Warn

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)

Full Analysis
  • [COMMAND_EXECUTION]: The skill's 'Git Clone' method instructs the agent to run 'git clone' and 'rm -rf' using variables like '' which are derived from external inputs. This pattern is vulnerable to command injection or directory traversal if the agent does not strictly validate the provided repository name or URL.
  • [PROMPT_INJECTION]: The skill has a high surface area for indirect prompt injection (Category 8) due to its core function of summarizing untrusted external data.
      • Ingestion points: Data is pulled from GitHub wikis (read_wiki_contents), library documentation (query-docs), code search tools (get_code_context_exa), and cloned repositories.
      • Boundary markers: The instructions lack requirements for using boundary markers or 'ignore' instructions when processing external content.
      • Capability inventory: The agent can execute shell commands (git, rm, grep), read/write to /tmp, and perform network requests via search and fetch tools.
      • Sanitization: There is no mention of sanitizing or escaping the retrieved content before it is processed by the LLM.

Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 17, 2026, 01:29 AM