dig
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill clones source code from GitHub repositories to retrieve documentation. This utilizes a well-known service for its intended functionality.
- [COMMAND_EXECUTION]: The skill executes shell commands including
git clone,mkdir, andlsto manage repositories in the/tmp/cc-reposdirectory. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it analyzes untrusted data from external repositories.
- Ingestion points: Files such as READMEs and source code within cloned repositories at
/tmp/cc-repos/{repo-name}. - Boundary markers: There are no specified delimiters or instructions to ignore potential commands within the ingested files.
- Capability inventory: The agent uses a research sub-agent with file system access to explore the downloaded content.
- Sanitization: No sanitization or validation is applied to the repository content before processing.
Audit Metadata