repo-story-time

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local PowerShell and Git commands to inspect the repository. Specifically, it uses Get-ChildItem to list files and several git log variations to extract commit metrics, contributor lists, and change patterns. These commands are executed locally and are restricted to retrieving repository metadata.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from the repository's file system and history.
      • Ingestion points: Commit messages, author names, and file contents/paths extracted via Git and PowerShell commands.
      • Boundary markers: Absent. The instructions do not specify any delimiters or warnings to ignore instructions embedded within the analyzed repository data.
      • Capability inventory: The skill utilizes the editFiles tool to create and modify files (REPOSITORY_SUMMARY.md and THE_STORY_OF_THIS_REPO.md) based on the analyzed data.
      • Sanitization: No sanitization or validation of the ingested data is performed before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 25, 2026, 05:26 AM