repo-compliance-audit
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
subprocess.runto execute localgitcommands (e.g.,git rev-parse,git status,git diff) to gather repository metadata and verify file integrity. These operations are essential for the skill's auditing functionality and are restricted to the target repository. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. The
audit_repo.pyscript reads content from untrusted files within the target repository (such asAGENTS.mdand various code files) to generate a summary report. Malicious instructions embedded in the audited repository could theoretically influence an AI agent that subsequently processes the generatedreport.mdorfindings.jsonfiles. - Ingestion points: Content is read from
AGENTS.md,.env, and other repository files inaudit_repo.py(e.g., in_read_text_best_effortandscan_possible_secrets). - Boundary markers: The output reports do not use specific delimiters or warnings to isolate content ingested from the target repository.
- Capability inventory:
audit_repo.pycan read files and write to a user-defined output directory.remediate_repo.pycan write template files to the repository. - Sanitization: The scripts use regex to extract information but do not explicitly sanitize content before including it in the generated reports.
Audit Metadata