add-molab-badge
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute `git remote get-url origin` to determine the repository owner and name. This is a standard and benign operation in the context of developer tools.
- [PROMPT_INJECTION]: The skill reads content from repository files (Python files and READMEs) to discover notebooks or replace links. This represents a potential surface for indirect prompt injection if those files contain malicious instructions. However, the agent's task is highly structured (looking for specific headers or links), which limits the risk.
  - Ingestion points: Reads all `.py` files in the repository and the target markdown/HTML file.
  - Boundary markers: None specified for the content being read.
  - Capability inventory: Executes git commands and performs file read/write operations.
  - Sanitization: No explicit sanitization of file content is described before processing.
- [SAFE]: All external URLs and image sources point to the vendor's own domains (`marimo.io`, `molab.marimo.io`) for hosting the badge assets and the web-based notebook environment.
Audit Metadata