github-integration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION] (LOW): Potential for Indirect Prompt Injection through Gist data. The skill enables the agent to read content from Gists, which are external and potentially attacker-controlled sources. 1. Ingestion points: Gist reading/writing mentioned in instructions. 2. Boundary markers: None provided to distinguish Gist content from system instructions. 3. Capability inventory: Access to GitHub authentication tokens and Gist write capabilities. 4. Sanitization: No instructions provided for sanitizing or validating external Gist content.
- [NO_CODE] (SAFE): The skill consists exclusively of markdown instructions and does not include any executable scripts, binary files, or configuration files that could pose a direct execution risk.
Audit Metadata