github-automation
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill requests the `Bash` tool to facilitate CI/CD automation (e.g., executing `./deploy.sh` and `npm test`). While aligned with the stated purpose, providing a general-purpose shell to an agent that also reads untrusted content from the internet is a high-risk configuration that requires careful monitoring.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill has a significant attack surface for indirect prompt injection because it is designed to ingest and act upon data from external, potentially malicious sources.
  - Ingestion points: Untrusted data enters the agent context via GitHub Issues, Pull Request descriptions, and source code retrieved using tools like `mcp__github__search_issues`, `mcp__github__get_pull_request`, and `mcp__github__search_code`.
  - Boundary markers: Absent. The skill provides no instructions or delimiters to help the agent distinguish between its own instructions and potentially malicious instructions embedded in the data it reads.
  - Capability inventory: `Bash` (arbitrary command execution), `Write`/`Edit` (file system modification), and `mcp__github__*` (full repository and organization control).
  - Sanitization: Absent. There is no evidence of validation, escaping, or filtering of the external content before it is processed or used in downstream operations.
Audit Metadata