gh-bootstrap

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches configuration templates and GitHub Action workflows from established and reputable sources, including GitHub's official starter-workflows organization and popular open-source repositories (e.g., release-drafter, super-linter). These downloads are restricted to well-known infrastructure and do not include unverified third-party binaries.
  • [COMMAND_EXECUTION]: Employs standard shell commands for routine maintenance tasks such as directory creation, file backups, and cloning template repositories into a temporary local cache. These operations are transparently defined within the skill's execution phases.
  • [PROMPT_INJECTION]: No malicious behavior override markers or jailbreak attempts were identified. The skill utilizes a structured multi-phase architecture that isolates project detection, user collection, and file execution.
  • [DATA_EXFILTRATION]: While the skill reads project metadata (such as package.json or git configuration) to personalize template variables, this data is used exclusively for local file generation and is not transmitted to unauthorized external domains.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 24, 2026, 03:17 PM