project
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Uses Bun's shell execution capability to run git, gh, and ghq commands for repository management and analysis. User-provided repository slugs and URLs are passed as arguments to these commands.
- [EXTERNAL_DOWNLOADS]: Fetches external source code from GitHub repositories using the ghq get command.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection through the repository indexing process. The reunion and index commands identify and process markdown files from external repositories to be added to a knowledge base.
- Ingestion points: The scripts/reunion.ts script recursively scans directories within cloned repositories for .md files.
- Boundary markers: The system does not implement specific delimiters to distinguish between trusted instructions and content from external repositories.
- Capability inventory: The agent can read local files, write logs/manifests, and execute various git/GitHub CLI commands.
- Sanitization: No content validation is performed on markdown files before processing.
Audit Metadata