Skills
skills/aws-samples/sample-strands-agent-with-agentcore/github/Gen Agent Trust Hub

github

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection.
  • Ingestion points: External content is brought into the agent's context through tools like github_get_issue, github_get_pull, and github_get_file.
  • Boundary markers: The instructions do not define specific delimiters or separators to isolate retrieved content from the agent's system instructions.
  • Capability inventory: The skill possesses sensitive capabilities, including github_push_files and github_create_pull_request.
  • Sanitization: No sanitization or content filtering is specified for the data retrieved from GitHub.
  • Note: The risk of unauthorized actions resulting from an injection is significantly reduced by the built-in requirement for user approval before any write operations are executed.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 01:10 AM