news
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE CREDENTIALS_UNSAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill uses a shell command to echo a GitHub authentication token directly into a plain-text file (~/.git-credentials) and configures the git credential helper to use local storage. This exposes sensitive credentials to any process or user with access to the file system.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its architecture of gathering and rendering untrusted content from the live web and GitHub.
  - Ingestion points: WebSearch results from five parallel subagents (Agents 1-5) in Phase 1, including trending GitHub repositories.
  - Boundary markers: None; there are no delimiters or instructions to ignore malicious commands embedded in the research data when it is passed to the planning and build agents.
  - Capability inventory: The skill possesses the ability to write local HTML files and execute git commands to push data to a remote repository.
  - Sanitization: The skill does not perform formal HTML sanitization or escaping of the fetched data before it is rendered into the final index.html files.
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to manage git configuration and synchronize the repository with GitHub.