repocache

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands including 'git clone', 'npm view', 'cat', 'ls', and 'grep' to manage and search repositories. It also executes a local shell script 'repocache/clone.sh' to synchronize data.
  • [EXTERNAL_DOWNLOADS]: It downloads source code from external Git repositories and queries the npm registry for package metadata.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it searches and reads untrusted third-party code.
      • Ingestion points: Any file content within 'repocache///' that the agent reads during a search.
      • Boundary markers: The skill uses glob patterns to filter file types but lacks explicit markers or instructions to treat the read content as data only.
      • Capability inventory: The agent has the capability to execute shell commands, read and write files, and spawn subagents with access to the cloned directories.
      • Sanitization: No sanitization or safety checks are performed on the content of the cloned files before they are processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 07:48 PM