GitHub Pages
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill executes standard git and gh (GitHub CLI) commands to manage repository state and configuration. These actions are consistent with the skill's stated purpose of deploying to GitHub Pages.
- [CREDENTIALS_UNSAFE] (SAFE): The skill utilizes the official gh auth login --web command, which triggers a browser-based OAuth flow. This is a secure method for authenticating the GitHub CLI and does not involve hardcoded secrets or unsafe credential handling.
- [DATA_EXFILTRATION] (SAFE): All network communication is directed to official GitHub domains (github.com, api.github.com) via the gh CLI. No evidence of data being sent to unauthorized third-party servers was found.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The skill inspects local project files (e.g., package.json, vite.config.js) to detect project types. While this is an ingestion point for untrusted data, the logic is limited to identifying project frameworks for configuration purposes and does not interpolate file content directly into sensitive execution paths. Ingestion points: Phase 2 Detect Project Type (SKILL.md). Boundary markers: Absent. Capability inventory: git push and gh api (SKILL.md, setup-gh-pages.sh). Sanitization: Regex-based extraction.
Audit Metadata