exploring-github

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Command Execution (SAFE): The skill utilizes the legitimate gh (GitHub CLI) tool for all operations. The commands are well-formed and targeted at repository metadata, code navigation, and contribution history. There is no evidence of command injection or dangerous chaining.
  • Indirect Prompt Injection (LOW): The skill processes untrusted data from external GitHub repositories, creating an attack surface for indirect prompt injection.
      ◦ Ingestion points: gh api .../contents/PATH, gh issue view, gh pr view, and gh search code ingest content from third-party repositories.
      ◦ Boundary markers: Absent. The instructions do not define delimiters or provide specific 'ignore embedded instructions' directives for the content retrieved.
      ◦ Capability inventory: The agent has shell access (required to run gh), which could be exploited if the agent follows instructions found in a malicious repository.
      ◦ Sanitization: Absent. The skill uses head -500 to limit output size but does not perform sanitization or escaping of the retrieved content.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:35 PM