security-ownership-map
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill's metadata contains a deceptive author field that contradicts the verified vendor identity, potentially misleading users about the skill's origin and trust level.\n- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection via the processing of untrusted git history data.\n
- Ingestion points: The
scripts/build_ownership_map.pyandscripts/community_maintainers.pyscripts ingest data from git logs and external configuration files.\n - Boundary markers: Extracted data is structured into CSV and JSON files, though it lacks explicit delimiters to prevent interpretation of embedded instructions in commit metadata.\n
- Capability inventory: The skill uses subprocess calls to execute git commands and performs extensive file system write operations.\n
- Sanitization: No validation or sanitization is performed on commit messages or author names before they are processed and stored in artifacts.\n- [COMMAND_EXECUTION]: The script
scripts/build_ownership_map.pyusessubprocess.Popento execute thegitbinary for repository analysis, which is its primary function.\n- [EXTERNAL_DOWNLOADS]: The skill documentation requires the installation of thenetworkxlibrary from a public package registry to support graph analysis functionality.
Audit Metadata