open-source-contributions
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill analyzes untrusted third-party data from external repositories, which creates a surface for indirect prompt injection.
- Ingestion points: Step 1 and Step 4 require reading files such as
CONTRIBUTING.md,.github/workflows/, and linter configurations from external projects. - Boundary markers: Absent. There are no instructions to the agent to disregard instructions that might be embedded within the project files.
- Capability inventory: While this skill file contains no code, the agent using it typically has file-system access (read/write) and may have network capabilities used to fulfill the 'Fork and branch' instructions.
- Sanitization: Absent. The skill does not specify any validation or sanitization of the content fetched from the repositories.
- [Data Exposure & Exfiltration] (SAFE): The skill reads project configuration files (e.g.,
.prettierrc,pyproject.toml) but does not access sensitive credential files or exfiltrate data to unauthorized domains. - [Remote Code Execution] (SAFE): No patterns of remote code execution or piped shell commands were detected. The skill guides the user to perform tasks rather than executing arbitrary remote scripts.
Audit Metadata