repo-intake

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses child_process.spawnSync to execute git commands and local Node.js scripts for project initialization and delta scanning.
  • [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by reading untrusted data from repository files (READMEs, documentation, and configuration) and incorporating it into the agent's context.
    • Ingestion points: scan_midway_repo.js reads README files and package scripts from the target repository.
    • Boundary markers: No delimiters or protective instructions are used to distinguish repository content from system instructions in the generated output.
    • Capability inventory: The skill scripts have access to the file system and can spawn subprocesses via Git and Node.js.
    • Sanitization: The skill does not sanitize or filter content read from the repository files before providing it to the model.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 06:40 AM