github-deep-research
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE COMMAND_EXECUTION EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a local Python helper script `scripts/github_api.py` to interact with the GitHub API. This is a functional requirement for analyzing repository metrics and history.
- [EXTERNAL_DOWNLOADS]: The workflow involves fetching data from `api.github.com` and performing web searches/fetches to gather research data. These network operations are strictly related to the information-gathering nature of the skill.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes and summarizes untrusted content from external web pages and repository files. However, the risk is mitigated by the research-focused context and lack of high-privilege capabilities.
- [SAFE]: No indicators of malicious intent, such as hardcoded credentials, data exfiltration to unknown domains, or persistence mechanisms, were detected during the analysis.
Audit Metadata