docs-seeker
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill triggers the installation and execution of the 'repomix' package at runtime. This 'download-then-execute' behavior is a high-risk pattern that can lead to arbitrary code execution if the package or its registry source is compromised.
- [EXTERNAL_DOWNLOADS] (HIGH): The skill performs 'npm install' and 'git clone' on potentially untrusted external sources without strict verification. It prioritizes 'context7.com', a non-whitelisted domain, for documentation aggregation.
- [PROMPT_INJECTION] (HIGH): High risk of indirect prompt injection (Category 8) because the skill processes untrusted content from repositories and documentation sites. Mandatory Evidence: (1) Ingestion Points: Content from 'git clone' and 'WebFetch' (llms.txt) enters the agent context. (2) Boundary Markers: Absent; no delimiters separate untrusted content from system instructions. (3) Capability Inventory: Shell execution (git, npm, repomix) and file-read access. (4) Sanitization: Absent.
- [COMMAND_EXECUTION] (MEDIUM): Executes shell commands like 'git clone' and 'npm install' with user-influenced parameters, which could be exploited if target URLs are malicious.
Recommendations
- AI detected serious security threats
Audit Metadata