building-github-index

Fail

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The scripts github_index.py and pk_index.py fetch repository metadata and download source code tarballs from the official GitHub API (api.github.com).
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it processes untrusted data from remote repositories to create its indexes.
      • Ingestion points: Content is ingested from file paths, YAML frontmatter, Markdown headings, and code symbols extracted from arbitrary GitHub repositories (scripts/github_index.py, scripts/pk_index.py).
      • Boundary markers: The generated Markdown index uses structured tables and code blocks but does not include explicit "ignore embedded instructions" warnings for the AI agent that eventually reads the index.
      • Capability inventory: The skill is capable of reading file contents and summarizing them into a Markdown index intended for Claude project knowledge.
      • Sanitization: The skill performs basic cleaning of frontmatter (stripping HTML tags) but does not validate the semantic content of headings or file descriptions for malicious instructions.
Recommendations
  • HIGH: Downloads and executes remote code from: https://api.github.com/repos/{owner}/{repo}/contents/PATH?ref={ref} - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 24, 2026, 06:29 AM