awesome-ai-security-overview

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE (findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill directs the agent to fetch resource data from a non-whitelisted GitHub repository (gmh5225/awesome-ai-security). While the domain is standard, the specific repository is not part of the trusted organization list.
  • [Indirect Prompt Injection] (LOW): The skill creates a vulnerability surface by ingesting untrusted data from an external source without sanitization or clear boundary markers.
      1. Ingestion points: README.md file from external GitHub URL.
      2. Boundary markers: Absent in the instructions.
      3. Capability inventory: Analyzing, categorizing, and formatting content for resource management.
      4. Sanitization: No sanitization or validation of the fetched content is specified.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 23, 2026, 07:21 AM