github
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of GitHub CLI (gh) commands via the Bash tool to perform repository management, pull request operations, and workflow triggers.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it retrieves and processes untrusted data from GitHub through commands like gh pr view, gh issue view, and gh run view --log.
- Ingestion points: Commands such as gh pr view (references/pr.md), gh issue view (references/issues.md), and gh run view (references/actions.md) ingest external content from GitHub which may contain malicious instructions.
- Boundary markers: The skill templates do not define explicit delimiters or instructions to ignore embedded commands within the fetched data.
- Capability inventory: The agent possesses significant capabilities to modify repositories, merge pull requests, and trigger GitHub Actions via the Bash tool.
- Sanitization: No sanitization or filtering of external content is performed before it is presented to the agent's context.
Audit Metadata