oss-hunter
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script
bin/hunter.pyinvokes the GitHub CLI (gh) usingsubprocess.run. The use of a list for command arguments is a secure practice that prevents shell injection vulnerabilities.\n- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill interacts with public GitHub repository and issue data. It does not access sensitive local files (such as SSH keys or environment variables) or credentials. All network communication is directed to official GitHub infrastructure via theghtool.\n- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from GitHub issue titles and descriptions. While this provides a surface for indirect prompt injection, it is an inherent risk of tools that process external content and is handled by standard agent guardrails.\n - Ingestion points: Repository names and issue metadata fetched from the GitHub API in
bin/hunter.py.\n - Boundary markers: No explicit delimiters are used when processing external data in the dossier generation.\n
- Capability inventory: The skill uses the
ghtool for repository searching and issue listing.\n - Sanitization: Fetched issue data is printed to the terminal without specific sanitization or filtering.\n- [EXTERNAL_DOWNLOADS]: The skill communicates with GitHub's official API endpoints. This interaction with a well-known service is standard for the skill's purpose and does not involve downloading or executing arbitrary third-party scripts.
Audit Metadata