open-source-maintainer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is susceptible to instructions embedded in GitHub issues and PRs. * Ingestion points: Issue and PR data are fetched via GraphQL in
scripts/triage/github.ts. * Boundary markers: None detected in the prompts. * Capability inventory: Commandsgitandghare executed viaexecFileSync, and reports are written to the filesystem. * Sanitization: Basic phrase sanitization exists inderive.tsfor configuration overrides. - Command Execution (SAFE): CLI tools are invoked using
execFileSyncwith argument arrays, which is a secure pattern for preventing shell injection. - Data Exposure & Exfiltration (SAFE): The skill's access is restricted to repository maintenance tasks, with no evidence of sensitive data exfiltration or unauthorized network calls.
Audit Metadata