github-search-before-code
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill interacts with external, untrusted content from GitHub, creating a surface for indirect prompt injection.\n
- Ingestion points: Metadata retrieved from the GitHub Search API and repository contents fetched during the analysis workflow (e.g., README files).\n
- Boundary markers: The skill does not provide specific delimiters or 'ignore' instructions to isolate fetched content from system prompts.\n
- Capability inventory: The skill script has network access to the GitHub API, and the overall workflow involves interpreting and adapting external code.\n
- Sanitization: The
github_search.pyscript truncates repository descriptions to 200 characters, which serves as a limited constraint on external data ingestion.
Audit Metadata