greptile-init
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill instructions direct the AI agent to map the repository by reading various files (e.g.,
package.json,requirements.txt, documentation) to identify architectural patterns and tech stacks. This ingestion of untrusted repository data constitutes an indirect prompt injection surface, as malicious instructions hidden within the analyzed files could potentially influence the agent's output.\n - Ingestion points: Repository exploration phase defined in
SKILL.md(Phase 1) involving file listing and reading.\n - Boundary markers: The skill does not provide specific delimiters or instructions for the agent to disregard embedded directives within the files it reads.\n
- Capability inventory: The agent possesses capabilities to read arbitrary files within the repository and write configuration files to the
.greptile/directory.\n - Sanitization: There are no instructions for sanitizing or validating the content of the ingested files before processing.\n- [NO_CODE]: The skill consists exclusively of non-executable Markdown files (
SKILL.md,README.md, and several reference files). It does not contain any scripts, binary executables, or third-party code dependencies, which mitigates risks associated with direct malicious execution.
Audit Metadata