rpi-research

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a bundled Python script (scripts/metadata.py) to execute local git commands. This is used to gather repository metadata such as the current commit, branch name, and repository name for inclusion in the generated research reports. The commands are executed safely using the subprocess module with argument lists, which protects against command injection.
  • [SAFE]: The skill's primary function is to read and document existing code. It does not perform any network exfiltration, credential harvesting, or unauthorized privilege escalation. The instructions are focused on documentation and explicitly forbid the agent from making or suggesting changes to the codebase unless requested.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection, as it is designed to read and analyze arbitrary files within a codebase.
      • Ingestion points: The agent reads user-specified files and relevant codebase components found during discovery (SKILL.md, Steps 1 and 4).
      • Boundary markers: Absent; the instructions prioritize reading files in full to ensure context.
      • Capability inventory: The skill has the ability to write to the file system (Step 7) and execute a local Python script for metadata gathering (Step 6).
      • Sanitization: None; the agent is acting as a documentarian of the existing code state.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 30, 2026, 07:34 PM