github-mcp
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill correctly identifies the need for authentication using the GITHUB_TOKEN environment variable and contains no hardcoded secrets or malicious instructions.
- [NO_CODE]: The provided skill is a documentation-only definition for MCP tools and does not include any executable scripts or binary code.
- [PROMPT_INJECTION]: The skill defines an interface that is susceptible to indirect prompt injection by reading untrusted content from external repositories. This is documented as an architectural risk surface.
  - Ingestion points: The get_file_contents tool in SKILL.md ingests untrusted data from GitHub repositories.
  - Boundary markers: The tool definitions do not specify delimiters or instructions for the agent to ignore embedded commands.
  - Capability inventory: The skill includes write capabilities such as push_files, create_issue, and create_pull_request in SKILL.md, which create an exploitable feedback loop if an agent obeys injected instructions.
  - Sanitization: No sanitization or validation of the retrieved repository content is described in the tool configuration.
Audit Metadata