Git Repo Reader
Security checks across malware telemetry and agentic risk
Overview
The skill's code and instructions match its stated purpose (automated reading/analysis of GitHub or local repos); nothing obvious is requesting unrelated credentials or contacting unexpected endpoints, though there are a few minor implementation details worth checking before use.
This skill appears coherent with its purpose, but review a few practical points before using it:
- Review the analyze_repo.py source yourself (it is bundled) to confirm it doesn't run unexpected shell commands. The script imports subprocess and may call external tools (e.g., git) in code not shown in the truncated listing; if so, the skill metadata should have declared required binaries. If you rely on local analysis, ensure the environment has any needed binaries.
- When analyzing a local path, only point it at repositories you intend to share; the script will read files under the provided path. Do not allow the agent to choose arbitrary system paths.
- Remote analysis contacts api.github.com and raw.githubusercontent.com (expected). If you need high-volume usage, note GitHub API rate limits and consider supplying a token via a controlled mechanism (the skill currently does not require one).
- Run the script in a sandbox or with limited privileges if you have sensitive data or strong security requirements.

If you want higher assurance, provide the full analyze_repo.py content for review (the manifest includes it) and confirm whether it invokes external binaries (git, etc.) or spawns subprocesses; that will change confidence to high.
SkillSpector
SkillSpector findings are pending for this release.
VirusTotal
67/67 vendors flagged this skill as clean.
