github
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes
ghandgitcommands viasubprocess.runto perform repository operations such as issue tracking and PR management. The implementation uses list-based arguments to prevent shell injection.- [EXTERNAL_DOWNLOADS]: The skill fetches repository metadata, issue bodies, and pull request content from GitHub. It also downloads Actions logs and artifacts for failure analysis.- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests and processes untrusted data from GitHub. - Ingestion points: GitHub issue bodies, PR descriptions, and Actions logs accessed via
projects/ghops/src/ghops/runtime.pyandprojects/ghops/src/ghops/checks.py. - Boundary markers: The prompt instructions do not specify delimiters or warnings to ignore instructions within ingested data.
- Capability inventory: The skill allows for mutating GitHub operations, including issue creation and PR updates.
- Sanitization: Content fetched from GitHub is processed without explicit sanitization or filtering of potential prompt instructions.
Audit Metadata