repo-deep-dive-report
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/repo_snapshot.pyexecutes the localgitcommand usingsubprocess.runto retrieve the current HEAD and branch name. - [EXTERNAL_DOWNLOADS]: The documentation suggests using
openskills, an external Node.js tool from the same author, to facilitate installation and discovery of the skill. - [COMMAND_EXECUTION]: The script
scripts/render_md_to_html.pyperforms file system operations to write the generated HTML report to the user's local disk. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and analyze untrusted data from the repository being reviewed.
- Ingestion points: The agent reads source code, documentation, and configuration files from the target repository as part of its analysis phases.
- Boundary markers: The
SKILL.mdfile includes a specific 'Security and Desensitization' section that instructs the agent to ignore and mask sensitive values like keys and tokens. - Capability inventory: The skill includes Python scripts that use
subprocess.runforgitcommands and file writing operations. - Sanitization: The
scripts/render_md_to_html.pyscript utilizeshtml.escapeto sanitize content before rendering it into the HTML report.
Audit Metadata