gh-search-commits

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, NO_CODE
Full Analysis
  • SAFE (SAFE): The skill is purely documentation-oriented and does not include any executable scripts, remote downloads, or sensitive file access. All shell examples use legitimate GitHub CLI syntax.
  • Indirect Prompt Injection (SAFE): Analysis of input surface:
      1. Ingestion points: User-provided search query strings in the command template.
      2. Boundary markers: The documentation explicitly recommends using quotes and the '--' separator to delimit the query.
      3. Capability inventory: Execution of the local 'gh' (GitHub CLI) utility.
      4. Sanitization: The skill provides clear instructions on shell quoting and stop-parsing flags to prevent the injection of malicious flags via user input.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:44 PM