github-trending-analyzer

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local shell script scripts/fetch_trending.sh to scrape repository data using standard command-line tools.
  • [EXTERNAL_DOWNLOADS]: The script performs network requests to GitHub's official trending page. As GitHub is a well-known service, this is considered a safe external reference.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection by processing external, attacker-influenced content (repository descriptions) without sanitization.
      • Ingestion points: Output from the scripts/fetch_trending.sh script containing third-party text.
      • Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands in the fetched data.
      • Capability inventory: The agent is instructed to categorize and summarize the resulting text.
      • Sanitization: Absent; the script only removes HTML tags and does not filter the text content.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 3, 2026, 12:03 AM