code-repository-intel
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
PreToolUseandPostToolUsehooks to execute local shell scripts (pre_rate_limit_hook.shandpost_skill_logging_hook.sh) located in a relative path outside the skill directory. - [DATA_EXFILTRATION]: The skill is designed to scan for and extract data from sensitive files such as CI/CD configurations and Docker Compose environment variables, which may contain hardcoded secrets or internal infrastructure details.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection attacks.
- Ingestion points: Processes external content from GitHub and GitLab repositories, including dependency files (
package.json,requirements.txt), CI configs (.github/workflows/*.yml), and Dockerfiles. - Boundary markers: No boundary markers or instructions to ignore embedded commands are present in the processing logic.
- Capability inventory: The skill has access to the
BashandWebFetchtools and executes local scripts via hooks. - Sanitization: There is no evidence of content sanitization or validation for the data retrieved from external repositories before it is incorporated into the agent's context.
Audit Metadata