rp-explorer

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The skill executes command strings via rp-cli -e. This allows for complex command chaining (&&) and poses a command injection risk if the agent interpolates unsanitized user input into the string.
  • DATA_EXFILTRATION (MEDIUM): Commands such as context --all > output.md and prompt export enable the agent to aggregate the entire codebase context into a single file, which can be easily redirected or exfiltrated.
  • REMOTE_CODE_EXECUTION (MEDIUM): The CLI supports the execution of local script files via the --exec-file flag. If an attacker can influence these scripts or their paths, it could lead to arbitrary code execution within the RepoPrompt environment.
  • EXTERNAL_DOWNLOADS (LOW): The skill depends on RepoPrompt/rp-cli, a third-party tool that is not included in the trusted source list.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection.
    1. Ingestion points: read, search, and structure commands, which ingest file content from the codebase.
    2. Boundary markers: Absent; no delimiters are used to wrap file content.
    3. Capability inventory: Commands include file reading, writing (via redirection), context exporting, and script execution.
    4. Sanitization: Absent; file content is processed and presented to the agent without filtering.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:37 PM