building-github-index

Fail

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external GitHub repositories to generate repository indexes.
    • Ingestion points: The scripts scripts/github_index.py and scripts/pk_index.py download repository tarballs from GitHub.
    • Boundary markers: The generated markdown index does not include explicit boundary markers or warnings to the agent to ignore instructions embedded in the indexed content.
    • Capability inventory: The scripts themselves are focused on data processing, but the agent using the generated index may possess file-system and network capabilities.
    • Sanitization: The scripts extract headings and code symbols but do not sanitize the resulting text for potential instructions.
  • [COMMAND_EXECUTION]: The documentation includes a command-line utility for the agent to fetch and decode GitHub file contents. Although it pipes output to python3, the execution is limited to a static script for Base64 decoding of data from a well-known service (GitHub).
  • [EXTERNAL_DOWNLOADS]: The scripts download content from api.github.com to fulfill the core functionality of indexing repositories. This interaction targets a well-known technology service.
Recommendations
  • HIGH: Downloads and executes remote code from: https://api.github.com/repos/{owner}/{repo}/contents/PATH?ref={ref} - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 24, 2026, 09:56 PM