octocode-research
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill is designed to ingest and analyze untrusted external content, which is the primary vector for indirect prompt injection.
- Ingestion Points: Remote GitHub repositories, Pull Request content, and npm package data (via Octocode tools).
- Boundary Markers: None mentioned in the descriptions; the lack of explicit delimiters increases the risk that embedded instructions in analyzed code will be obeyed by the agent.
- Capability Inventory: Includes semantic navigation (LSP), code flow tracing, and usage finding, which requires the agent to interpret potentially adversarial code structures.
- Sanitization: No evidence of sanitization or filtering of external code/metadata before it is processed by the agent's reasoning engine.
- [Remote Code Execution] (LOW): The use of LSP (Language Server Protocol) typically involves executing language-specific servers to analyze code. While standard for development tools, if used on untrusted local repositories, it could lead to the execution of malicious build scripts or configuration-based triggers (e.g., .editorconfig or local tool-chains).
Audit Metadata