github

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill securely manages GitHub authentication by retrieving the Personal Access Token from environment variables (GITHUB_TOKEN) or the OpenClaw configuration file, avoiding hardcoded secrets in the code.
  • [EXTERNAL_DOWNLOADS]: All network operations are directed to the official GitHub API domain (api.github.com), which is a trusted and well-known service necessary for the skill's intended functionality.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes data from an external source (GitHub). Ingestion points: repository metadata, issue titles/bodies, and commit messages fetched in 'src/api.ts'. Boundary markers: none used when presenting data to the agent. Capability inventory: state-changing actions include 'createIssue', 'createRepo', and 'createPullRequest'. Sanitization: no explicit validation or filtering of retrieved content is implemented.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 24, 2026, 04:23 PM