skill-system-github

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes gh and git CLI commands via proc.exec to perform repository operations. This relies on the calling agent to properly sanitize inputs to prevent command injection.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its handling of external data in high-impact operations.
      • Ingestion points: Untrusted data enters the context through the title, body, and content fields in the manage-issues, manage-templates, and manage-workflows operations.
      • Boundary markers: Absent. The scripts do not define clear delimiters or provide instructions to the agent to disregard potential commands embedded within the input data.
      • Capability inventory: The skill can execute shell commands (proc.exec), write to the filesystem (fs.write), and interact with the GitHub API (net.fetch), allowing for the modification of repository configuration and CI/CD pipelines.
      • Sanitization: Absent. There are no checks to validate or sanitize content before it is written to sensitive repository paths such as .github/workflows/ or .github/ISSUE_TEMPLATE/.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 10, 2026, 08:57 AM