github-to-skills

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [Dynamic Execution] (MEDIUM): The create_github_skill.py script generates a Python wrapper by interpolating a repository name into a template. Since the name is derived from the URL without escaping, a crafted URL can inject Python code into the generated file.
  • [Indirect Prompt Injection] (LOW): The skill fetches README content from untrusted GitHub repositories and embeds it into the documentation of the new skill. Evidence:
    1. Ingestion: README via fetch_github_info.py.
    2. Boundary markers: None used.
    3. Capability: Generated skills are executable by the agent.
    4. Sanitization: None performed.
  • [Command Execution] (SAFE): The script fetch_github_info.py safely invokes the git command using a list of arguments, which prevents shell injection from the user-provided URL.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:33 PM