github-intel
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted repository content (READMEs, source code) and presents it to the agent without sanitization.
- Ingestion points: README and file contents are retrieved in
repo_analyzer.pyandrepo_to_markdown.py. - Boundary markers: The skill uses Markdown headers and code fences but does not escape triple backticks within the content, which could allow text to 'break out' of the formatting.
- Capability inventory: The skill performs network GET requests to GitHub APIs; it does not have file-writing or command execution capabilities.
- Sanitization: No sanitization of the fetched text is performed.
- [Metadata Poisoning] (SAFE): The skill documentation claims to use only the Python standard library, yet the implementation requires the
requestslibrary. - [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill uses the
requestslibrary to fetch data from trusted domains (api.github.com,raw.githubusercontent.com) for repository analysis.
Audit Metadata