make-repo-contribution
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE NO_CODE
Full Analysis
- [NO_CODE] (SAFE): The skill consists entirely of Markdown files (SKILL.md, issue-template.md, and pr-template.md). No scripts or executable logic are present.
- [DATA_EXFILTRATION] (SAFE): No patterns were found indicating access to sensitive credentials, environment variables, or private local files. There are no network requests.
- [PROMPT_INJECTION] (SAFE): The text instructions focus on following repository guidelines and do not contain attempts to bypass agent safety filters or override core system prompts.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The skill contains an attack surface for indirect injection as it instructs the agent to read and follow external repository documentation. Evidence:
  1. Ingestion points: README.md, CONTRIBUTING.md, and repository documentation (identified in SKILL.md).
  2. Boundary markers: Absent.
  3. Capability inventory: Branch creation, committing code, and PR creation.
  4. Sanitization: The skill explicitly directs the agent to ask the user for input if guidelines are unclear or confusing, providing a human-in-the-loop control.