repo-health
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various git and GitHub CLI (gh) commands to retrieve repository metadata, check branch status, and identify tracked files. These operations are core to the auditing functionality and are performed on the local repository path provided by the user.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests and analyzes the content of untrusted local files such as README.md and CHANGELOG.md to evaluate documentation quality.
  * Ingestion points: Local repository files read during Step 5 and Step 6 of the auditing procedure.
  * Boundary markers: The skill does not explicitly use delimiters to separate untrusted file content from its own instructions.
  * Capability inventory: The agent has access to the gh and git command-line tools and the ability to write new files to the filesystem when the --fix flag is used.
  * Sanitization: The procedure specifies that all generated files must pass through a PII scrub before being written to disk.
Audit Metadata