github-contributor
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists of instructional markdown guides and communication templates for interacting with open-source projects.
- [SAFE]: All suggested automation uses the official GitHub CLI (gh), which is a well-known and trusted tool for repository management.
- [DATA_EXFILTRATION]: The instructions in SKILL.md and references/pr_checklist.md explicitly mandate the redaction of sensitive information, such as local absolute paths, tokens, secrets, and internal hostnames, from any logs or screenshots shared in pull requests to prevent accidental data exposure.
- [PROMPT_INJECTION]: The skill involves fetching and reading untrusted content from GitHub (issue descriptions, repository metadata) via ingestion points like 'gh search issues' and 'gh repo view' (SKILL.md, project_evaluation.md). While specific boundary markers are absent in the templates, the skill provides no capabilities to execute this data as code, and it includes reminders for verification and manual review to mitigate potential indirect prompt injection risks.
Audit Metadata