teardown-github
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill uses
WebSearchandWebFetchto gather public data from well-known platforms like GitHub, HackerNews, and Reddit. These operations are required for its research functionality and do not target sensitive local files or user credentials. - [PROMPT_INJECTION]: The skill processes untrusted data from external repositories, representing a potential surface for indirect prompt injection.
- Ingestion points: Fetches README files, issue trackers, and source code from user-provided GitHub URLs (
Phase 1, Step 1 & 3) and search results from community platforms (Phase 1, Step 2). - Boundary markers: No specific delimiters or "ignore instructions" headers are explicitly defined to isolate untrusted data during analysis.
- Capability inventory: The skill utilizes
Bashfor basic system tasks (like generating timestamps) andWritefor saving the final report locally. - Sanitization: There is no explicit description of sanitization or filtering for the content fetched from the web before it is processed.
Audit Metadata