librarian

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill leverages the opensrc_execute tool, which permits the execution of server-side JavaScript for codebase analysis.
  • Evidence: Documented in references/opensrc-api.md, specifying that the tool accepts a code parameter for server-side execution of JavaScript async arrow functions.
  • [PROMPT_INJECTION]: An indirect prompt injection surface is present because the skill fetches and processes data from external, untrusted repositories.
  • Ingestion points: The opensrc.fetch method retrieves code and metadata from GitHub, npm, PyPI, and Crates (documented in SKILL.md and references/opensrc-api.md).
  • Boundary markers: No specific delimiters or safety instructions are defined to separate untrusted repository content from agent instructions.
  • Capability inventory: The opensrc_execute tool provides server-side script execution capabilities (references/opensrc-api.md).
  • Sanitization: There is no evidence of content sanitization or validation performed on the fetched repository data before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 01:45 PM