github-research-assistant
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection as it is designed to ingest and process untrusted data from external GitHub repositories.
- Ingestion points: The instructions specifically direct the agent to read README.md, dependency configuration files (package.json, pyproject.toml, Cargo.toml), and main source files from any GitHub repository requested by the user.
- Boundary markers: There are no explicit instructions or delimiters provided to help the agent distinguish between its own system instructions and the potentially adversarial content found within the analyzed files.
- Capability inventory: The skill leverages CLI and MCP tools to fetch directory structures and file contents, which are then used to generate a comprehensive report.
- Sanitization: The skill lacks any sanitization or validation mechanisms to filter out malicious prompts or hidden instructions that might be contained within the files it analyzes.
Audit Metadata