Skills
skills/adampoit/ai/gh/Gen Agent Trust Hub

gh

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill reads untrusted content from GitHub (PR/Issue descriptions and comments), creating a surface for indirect prompt injection.\n
  • Ingestion points: gh pr view, gh issue view, gh search (SKILL.md)\n
  • Boundary markers: Absent. The agent is not instructed to ignore or treat embedded instructions as data.\n
  • Capability inventory: gh pr create/merge, gh api POST/PATCH/DELETE (SKILL.md)\n
  • Sanitization: Absent.\n- Command Execution (SAFE): The skill uses the gh CLI as its primary interface. All examples are standard usage of the GitHub tool. No evidence of arbitrary shell execution or unsafe interpolation was found.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 23, 2026, 01:13 AM