sensei

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • Command Execution: The skill executes local commands such as 'npm test' and 'git commit' to manage the skill improvement loop. The included Python script specifically calls the GitHub CLI ('gh') to retrieve authentication tokens for API requests.
  • Credential Access: The tool programmatically retrieves the user's GitHub token to facilitate connection to the GitHub Models API. This approach is typical for tools requiring secure access to GitHub-hosted LLM services.
  • External Resource Ingestion: The skill processes external 'SKILL.md' files, which presents a surface for indirect prompt injection. Malicious content within a processed skill could theoretically influence the analyzer's output, though the risk is localized to the optimization process.
  • Dependency Usage: The project references several external dependencies such as 'litellm' and 'gepa', and instructions recommend running 'npm install' for test execution, which is standard practice for modern development environments.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 06:03 PM