GitHub Workflow

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of the GitHub CLI (gh) and git via shell commands to interact with repositories. These operations include viewing and editing issues, managing pull requests, and creating tags or releases. These are standard operations for the skill's stated purpose.
  • [SAFE]: Documentation across several sub-skills (e.g., gh-triage, gh-issue) includes specific input sanitization guidelines. These guidelines explicitly reject shell metacharacters and null bytes in fields like labels, titles, and repository names, demonstrating a security-conscious design.
  • [SAFE]: Several bash scripts (e.g., activity-summary.sh, repo-health.sh, release-notes.sh) are provided to aggregate repository data. These scripts use standard logic to parse git logs and CLI output, and do not contain obfuscated code or remote download triggers.
  • [SAFE]: The skill utilizes GitHub Model Context Protocol (MCP) tools for structured API interactions (e.g., mcp__github__create_issue), which provide a safer alternative to raw CLI execution for complex operations.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 5, 2026, 12:44 AM