devpilot-scanning-repos
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs legitimate repository analysis tasks using standard development tools such as gh, git, and grep.
- [PROMPT_INJECTION]: The instructions and sub-agent prompts were reviewed for attempts to bypass safety filters or override agent behavior. No such patterns were detected; the use of 'IMPORTANT' and 'CRITICAL' in the instructions is limited to defining internal workflow priorities and scaling constraints.
- [DATA_EXFILTRATION]: While the skill reads repository content and posts findings to GitHub, this behavior is documented and required for its stated purpose. No sensitive data is transmitted to unauthorized external domains.
- [COMMAND_EXECUTION]: The skill invokes standard CLI tools to inspect the codebase. These operations are scoped to the repository and do not include dangerous or excessive privileges.
- [REMOTE_CODE_EXECUTION]: The skill does not download or execute code from remote sources. It uses a local Python script (scripts/check-findings.py) to validate scanner output.
- [SAFE]: Analysis of the Indirect Prompt Injection surface (Category 8):
  - Ingestion points: Repository source files and documentation files (e.g., README.md, CLAUDE.md) processed by scanner sub-agents.
  - Boundary markers: Explicit instructions in sub-agent prompts (e.g., agents/security-scanner.md, agents/edge-case-hunter.md) define the scope and specific exclusion rules.
  - Capability inventory: The skill has the capability to create and edit GitHub issues and labels (gh issue create, gh label edit).
  - Sanitization: Findings generated by sub-agents are validated against a strict JSON schema and a manifest list by the local scripts/check-findings.py utility before further processing.