github-ops

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns detected. The skill uses standard GitHub MCP tools for legitimate repository operations including issue tracking, pull request management, and code search.
  • [SAFE]: The skill follows security best practices by instructing the agent never to commit secrets, passwords, or API keys and requiring the use of branches rather than pushing directly to the main branch.
  • [SAFE]: Environment variables (GITHUB_PERSONAL_ACCESS_TOKEN) are referenced as requirements for the environment configuration rather than being hardcoded within the skill content.
  • [PROMPT_INJECTION]: The skill processes untrusted data from GitHub (such as issue comments and PR descriptions), which presents a potential indirect prompt injection surface. This is an inherent characteristic of GitHub integration tools, and no specific exploits or malicious instructions were found.
      • Ingestion points: SKILL.md (via tool calls like list_issues, get_pr, get_file_contents)
      • Boundary markers: None explicitly defined in instructions
      • Capability inventory: create_or_update_file, merge_pull_request, trigger_workflow
      • Sanitization: None specified
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 06:12 AM