skills/ydkd/skills/repo-orchestrator/Gen Agent Trust Hub

repo-orchestrator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill automatically executes pnpm install. This is a significant security risk as it executes arbitrary lifecycle scripts (preinstall, postinstall) defined in the repository's package.json file.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): Uses corepack prepare pnpm@latest --activate to download and install the pnpm binary from remote sources. While corepack is a standard tool, it facilitates the execution of binaries fetched at runtime.
  • [REMOTE_CODE_EXECUTION] (HIGH): Significant Indirect Prompt Injection surface (Category 8). The skill reads and processes untrusted data from the local repository to make execution decisions.
      • Ingestion points: package.json (specifically the dependencies, devDependencies, and packageManager fields).
      • Boundary markers: Absent. The agent is not instructed to ignore instructions inside the files it reads.
      • Capability inventory: Full shell access to run pnpm, git, and node.
      • Sanitization: Absent. The node -e command directly evaluates logic based on the raw content of the package.json file.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 01:15 PM