github-analyzer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill lacks any safeguards against indirect prompt injection. It is built entirely around ingesting and 'deeply' analyzing untrusted data from external repositories. There are no instructions for the agent to use boundary markers or to ignore instructions found within the repository files. This creates a high risk where an attacker could place malicious instructions in a README, ARCHITECTURE.md, or source code file that the agent would follow while attempting to 'understand' the repo.
  - Ingestion points: GitHub repository files (README.md, etc.) as described in Phase 1 (SKILL.md).
  - Boundary markers: Absent.
  - Capability inventory: git clone, file system access, and potential tool execution based on agent reasoning.
  - Sanitization: Absent.
- [COMMAND_EXECUTION] (LOW): The skill methodology explicitly instructs the agent to perform command-line operations such as 'git clone', 'gh repo clone', and 'tokei'. While these are functional requirements, they increase the attack surface if the agent is manipulated via injection. Evidence: Phase 1 and Resources sections in SKILL.md.
Recommendations
- AI detected serious security threats
Audit Metadata