github
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides commands for high-impact actions like merging pull requests and deleting repositories via the GitHub CLI.
- [DATA_EXFILTRATION]: Capabilities are included to list and view sensitive metadata such as repository secrets and authentication status.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection. Ingestion points: Data is retrieved from untrusted GitHub content (PRs, issues, and logs) using commands like
gh pr viewandgh issue view. Boundary markers: No delimiters are defined to isolate untrusted content from the agent's instructions. Capability inventory: Includes sensitive operations like secret management and repository modification. Sanitization: External GitHub content is processed without explicit validation or escaping.
Audit Metadata