skills/mrgoonie/xxxnaper/docs-seeker/Gen Agent Trust Hub

docs-seeker

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from external websites and GitHub repositories, creating a surface for indirect prompt injection.
    • Ingestion points: Documentation content fetched via WebFetch (Phase 2) and repository data processed by Repomix into XML format (Phase 3).
    • Boundary markers: The instructions do not define specific delimiters or instructions to ignore embedded commands when processing retrieved content.
    • Capability inventory: The agent can execute system commands (git clone, npm, repomix) and perform network requests.
    • Sanitization: No explicit sanitization or filtering of external data is mentioned.
  • [COMMAND_EXECUTION]: The skill uses Bash to install the repomix utility, clone repositories, and generate repository summaries. These commands are necessary for the skill's core functionality of analyzing codebase documentation.
  • [EXTERNAL_DOWNLOADS]: The skill fetches content from external documentation URLs and GitHub repositories. It also installs the repomix tool from the NPM registry. These sources are generally well-known and expected for this type of technical task.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 06:30 PM