skills/zircote/.claude/docs-seeker/Gen Agent Trust Hub

docs-seeker

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [External Downloads & RCE] (HIGH): The skill mandates the global installation of the 'repomix' package and the cloning of arbitrary GitHub repositories via 'git clone'. This pattern allows the download and potential execution of untrusted code within the agent's environment. Evidence in SKILL.md: 'npm install -g repomix', 'git clone [repo-url]'.
  • [Indirect Prompt Injection] (LOW): The skill is designed to fetch and process data from untrusted internet sources, serving as a primary vector for injection attacks.
      • Ingestion points: Documentation is ingested from context7.com, various repository URLs, and arbitrary web pages discovered through search.
      • Boundary markers: Absent. There are no instructions to use delimiters or safety prompts to ignore embedded instructions in the fetched documentation.
      • Capability inventory: The agent uses WebFetch, git, and sub-agent tasking (Explore/Researcher) to handle untrusted content.
      • Sanitization: Absent. Content is parsed and summarized without filtering or validation logic.
  • [Data Exposure & Exfiltration] (LOW): The skill prioritizes the use of 'context7.com' for data retrieval. This is a non-whitelisted, untrusted external domain. Evidence in SKILL.md: 'PRIORITIZE context7.com'.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:39 PM