codespaces-secret-sync
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/sync_codespaces_secret_repos.py executes the gh command-line tool using subprocess.run to perform GitHub API operations. The implementation uses list-based arguments, which prevents command injection vulnerabilities.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests and prints resource names (secrets and repositories) from the GitHub API. * Ingestion points: Data is retrieved from the GitHub API in the list_secret_names and get_secret_repo_map functions in scripts/sync_codespaces_secret_repos.py. * Boundary markers: There are no delimiters or explicit warnings used when printing names to the console. * Capability inventory: The script can modify repository access permissions for GitHub secrets via the gh api. * Sanitization: The script does not perform sanitization or escaping of the resource names fetched from external sources before outputting them.
Audit Metadata