Skills
skills/dalestudy/skills/github/Gen Agent Trust Hub

github

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the GitHub CLI (gh) to perform various repository management tasks. It correctly identifies the risk of using unrestricted commands like gh api and provides a restricted set of allowed subcommands to maintain least-privilege access.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it fetches and processes data from external, potentially untrusted sources on GitHub.
  • Ingestion points: External data is ingested through commands like gh issue view, gh pr view, and gh run view --log which read user-generated content from issues, PRs, and logs.
  • Boundary markers: The skill does not define specific delimiters or instructions to treat fetched GitHub data as untrusted text.
  • Capability inventory: The skill has the capability to perform write operations, such as creating or editing issues and pull requests, which could be triggered by instructions embedded in external content.
  • Sanitization: No explicit sanitization or validation of the fetched remote content is implemented before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 23, 2026, 07:34 PM