git-kb-retrieve

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from an external repository which may contain malicious instructions.
      • Ingestion points: The read_file and read_frontmatter commands in scripts/gh_kb_helper.sh retrieve content from a GitHub repository into the agent context.
      • Boundary markers: The skill lacks explicit boundary markers or system instructions to ignore instructions embedded within the retrieved files.
      • Capability inventory: The helper script includes create and create-from-file commands that allow the agent to write back to the repository, providing a potential path for an injection to persist or spread.
      • Sanitization: No sanitization or validation of the content retrieved from the repository is performed.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with the GitHub API via the gh CLI tool to browse and retrieve repository content. These operations are performed against a well-known service (GitHub) and are consistent with the skill's stated purpose.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 7, 2026, 01:06 PM