skills/mxyhi/ok-skills/opensrc/Gen Agent Trust Hub

opensrc

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads source code from well-known package registries including npm, PyPI, and crates.io, as well as GitHub repositories. These downloads are directed to a global cache at ~/.opensrc/.
  • [COMMAND_EXECUTION]: The skill uses the opensrc CLI tool along with standard shell utilities like rg, cat, and find via the Bash tool. This allows the agent to execute commands to search for and read implementation details within the fetched source code.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it encourages the agent to read and analyze source code from external repositories. Maliciously crafted instructions hidden in code comments or documentation in those repositories could potentially manipulate the agent's actions.
  • Ingestion points: External code and documentation are ingested into the agent's context when it reads the files fetched to the ~/.opensrc/ directory.
  • Boundary markers: There are no explicit delimiters or system instructions provided to help the agent distinguish between its own guidelines and instructions that might be embedded in the external source code.
  • Capability inventory: The agent has access to the Bash tool, which provides a broad set of capabilities that could be exploited if an indirect injection attack is successful.
  • Sanitization: The skill does not include any mechanism to sanitize or validate the content of the external repositories before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 13, 2026, 12:01 PM