CtrlK
BlogDocsLog inGet started
Tessl Logo

read-github

Read and search GitHub repository documentation via gitmcp.io MCP service. **WHEN TO USE:** - User provides a GitHub URL - User mentions a specific repo in owner/repo format - User asks "what does this repo do?", "read the docs for X repo", or similar - User wants to search code or docs within a repo

87

Quality

84%

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

SecuritybySnyk

Advisory

Suggest reviewing before use

SKILL.md
Quality
Evals
Security

Security

2 findings — 2 medium severity. This skill can be installed but you should review these findings before use.

Medium

W011: Third-party content exposure detected (indirect prompt injection risk)

What this means

The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.

Why it was flagged

Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches and ingests public, user-generated GitHub repository documentation and arbitrary external URLs via the gitmcp.io MCP tools (see SKILL.md workflow and scripts/gitmcp.py's fetch-docs, search-docs, and fetch-url/call of fetch_generic_url_content), so untrusted third-party content can be read and influence agent actions.

Report incorrect finding
Medium

W012: Unverifiable external dependency detected (runtime URL that controls agent)

What this means

The skill fetches instructions or code from an external URL at runtime, and the fetched content directly controls the agent’s prompts or executes code. This dynamic dependency allows the external source to modify the agent’s behavior without any changes to the skill itself.

Why it was flagged

Potentially malicious external URL detected (high risk: 0.90). The skill spawns npx mcp-remote pointed at gitmcp.io (e.g. https://gitmcp.io/owner/repo) at runtime and depends on that MCP server’s returned tool definitions and documentation (and on npx fetching/executing the mcp-remote package), which can inject instructions or execute remote code that control the agent.

Report incorrect finding
Repository
am-will/codex-skills
Commit

ca2c3b3

Audited
Security analysis
Snyk

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.

Claim skill