oss-alternatives
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill uses the vendor's own 'tinyfish' tool to scrape public information from trusted sources like GitHub and curated lists.
- [COMMAND_EXECUTION]: The skill executes the 'tinyfish' CLI to perform web searches and repository health checks. This is the intended core functionality of the skill and is performed on public data.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes external web content from GitHub and Reddit. However, the instructions explicitly advise treating this data as untrusted and using it for synthesis only. Evidence:
  1. Ingestion points: Web data from GitHub and Reddit search results (SKILL.md).
  2. Boundary markers: Absent.
  3. Capability inventory: Execution of 'tinyfish' CLI and shell redirection (SKILL.md).
  4. Sanitization: Absent.