Skills
skills/beeman/skills/gh-plan-review/Gen Agent Trust Hub

gh-plan-review

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes standard gh and git commands to inspect repository and issue state. These are used strictly for information gathering and analysis.\n- [PROMPT_INJECTION]: Analysis of the indirect prompt injection surface shows that while the skill reads external content from GitHub issues and pull requests, the lack of write or execution capabilities mitigates potential risks.\n
  • Ingestion points: Untrusted content is ingested via gh issue view, gh pr view, and git diff as specified in SKILL.md.\n
  • Boundary markers: The skill does not currently define specific delimiters for separating untrusted content from its internal instructions.\n
  • Capability inventory: The skill is explicitly restricted to read-only operations, with clear instructions to avoid mutation tools like gh-commit or gh-pr-create.\n
  • Sanitization: No explicit sanitization or filtering of the content retrieved from GitHub is performed.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 18, 2026, 11:11 PM