ghost-repo-context

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute complex shell pipelines involving tree, find, grep, sed, and git. These commands are used to map directory structures and identify technology stacks based on file extensions and manifest files.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because its core workflow requires reading and summarizing untrusted repository content.
    • Ingestion points: detector.md (Step 4) and summarizer.md (Steps 3 and 5) instruct the agent to read READMEs, source code, and manifest files from the target repository.
    • Boundary markers: Absent. The skill does not implement delimiters or provide explicit instructions to the agent to treat repository content strictly as data or to ignore embedded instructions.
    • Capability inventory: The agent is granted Read, Write, Edit, Glob, Grep, and Bash capabilities, which could be exploited if an injection successfully overrides the agent's instructions.
    • Sanitization: Absent. The skill does not perform validation or sanitization of the file contents before they are processed by the LLM for architectural summarization.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 26, 2026, 01:53 AM