oss-hunter
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The script `hunter.py` executes the GitHub CLI (`gh`) using `subprocess.run` with a list of arguments. This implementation correctly avoids shell injection by not using `shell=True` and passing arguments as discrete list elements.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill ingests untrusted repository names, descriptions, and issue titles from the GitHub API. This data could contain malicious instructions designed to manipulate an agent's behavior during Phase 3 (Feasibility Analysis) or Phase 4 (Dossier Generation).
  - Ingestion points: `hunter.py` (via `gh api` and `gh issue list` outputs).
  - Boundary markers: Absent. The data is printed directly to stdout without delimiters or instructions to ignore embedded commands.
  - Capability inventory: Subprocess execution of the `gh` utility.
  - Sanitization: None. The script does not escape or validate strings retrieved from the API before they are processed by the agent.
Audit Metadata