opensrc
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill downloads and installs an external CLI tool and pulls source code from various public registries and code hosting platforms.
  - Evidence: 'npm install -g opensrc' and 'npx opensrc' usage for installation and execution.
  - Evidence: Network requests to 'registry.npmjs.org', 'pypi.org', 'crates.io', 'api.github.com', and 'gitlab.com' to resolve package URLs.
- COMMAND_EXECUTION (MEDIUM): The skill executes shell commands and modifies project-level configuration files.
  - Evidence: Uses 'git clone --depth 1' via 'lib/git.ts' to download repositories.
  - Evidence: Modifies '.gitignore', 'tsconfig.json', and 'AGENTS.md' to integrate the tool into the local development environment.
- PROMPT_INJECTION (MEDIUM): The skill creates a high-risk surface for indirect prompt injection by ingesting untrusted external data into the agent's context.
  - Ingestion points: External source code from any package or repository is stored in the 'opensrc/repos/' directory.
  - Boundary markers: None identified; the fetched code is presented directly to the agent as 'implementation context'.
  - Capability inventory: Allows reading of arbitrary code, which may contain malicious instructions designed to subvert agent behavior.
  - Sanitization: No evidence of sanitization or safety filtering for the fetched source code content.
Audit Metadata