github-assistant
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes significant local command-line capabilities to diagnose and resolve issues. This includes running
git,ssh,ls, andcatcommands. It also offers to perform configuration changes like setting credential helpers and generating SSH keys usingssh-keygenandssh-agent. - [EXTERNAL_DOWNLOADS]: The skill facilitates the installation and use of third-party tools such as BFG Repo-Cleaner,
git-secretsvia Homebrew, anddetect-secretsvia PyPI. These are well-known tools for Git maintenance and security. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface in the merge conflict resolution workflow (Workflow 4). Mandatory Evidence: 1. Ingestion points: The agent offers to read the contents of conflicted files to identify markers. 2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are specified when reading file contents. 3. Capability inventory: The agent has the ability to execute terminal commands (
git,rm, etc.). 4. Sanitization: No sanitization logic is present to filter malicious instructions within conflicted files. - [CREDENTIALS_UNSAFE]: The skill interacts with sensitive file paths including the
~/.sshdirectory and environment files like.envwhen helping users locate accidentally committed secrets or setting up authentication.
Audit Metadata