gh-daily-timeline

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
  • [Prompt Injection] (MEDIUM): Potential for Indirect Prompt Injection through processed GitHub data.
      • Ingestion points: The gh-activity.sh script retrieves data from gh api /users/{username}/events and gh api /repos/{repo}/compare/..., including commit messages, issue titles, and PR titles.
      • Boundary markers: Absent. The script prints the data directly into the output stream without using XML tags, delimiters, or system instructions to ignore content within the report.
      • Capability inventory: The script itself performs read-only API calls and basic text processing, but the agent receiving this output likely possesses tools for code execution or file system access.
      • Sanitization: No sanitization or validation is performed on the strings retrieved from GitHub before they are presented to the agent.
  • [Command Execution] (LOW): The script executes the gh and jq commands using variables derived from API responses (such as repository names). While the variables are double-quoted to prevent standard shell injection, this pattern relies on the external data source being well-formatted.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 04:14 AM