github-repository-standards
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): Automated scans (URLite) found a blacklisted malicious URL in the SUPPORT.md file. The skill instructs the agent to ensure this file exists in the repository context, which creates a risk of distributing malware or phishing links to users and contributors.
- PROMPT_INJECTION (MEDIUM): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests untrusted data from the repository's file system. 1. Ingestion points: The 'Root Hygiene Audit' scans the repository root directory for file names. 2. Boundary markers: Absent. 3. Capability inventory: The skill generates relocation plans, script overrides (e.g., package.json), and drafts README documentation. 4. Sanitization: Absent. Maliciously named files could be used to inject unwanted content or instructions into the resulting documentation and configuration scripts.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata