research

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute specific GitHub CLI commands (gh api) and standard Git operations (git clone). These are restricted to the primary purpose of retrieving repository data for research.
  • [EXTERNAL_DOWNLOADS]: Fetches content from external web URLs and GitHub repositories via WebFetch, tavily_extract_process, and git clone to provide source-based answers (SKILL.md, references/repo-cloning-pattern.md).
  • [PROMPT_INJECTION]: Identified an indirect prompt injection surface where the agent processes untrusted external content.
    • Ingestion points: External data enters the context via WebFetch, tavily_extract_process, gh api, and git clone (SKILL.md, references/repo-cloning-pattern.md).
    • Boundary markers: Absent. No specific delimiters or "ignore embedded instructions" warnings are defined for the fetched content.
    • Capability inventory: The skill can execute Bash, Task, Read, and Grep operations (SKILL.md).
    • Sanitization: Absent. The skill does not explicitly sanitize or filter the retrieved content before it is read or summarized by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 01:20 PM