github-projects
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Category 2: Data Exposure & Exfiltration (SAFE): No credentials or sensitive local file paths are accessed. All network interaction is performed via the official GitHub CLI (gh) to GitHub's own infrastructure.
- Category 4: Unverifiable Dependencies (SAFE): The skill does not install external packages or execute remote scripts. It relies on pre-installed system tools like gh, jq, and bash.
- Category 5: Privilege Escalation (SAFE): The skill mentions 'gh auth refresh' to add necessary API scopes, which is a standard procedure for this tool and does not affect system-level privileges.
- Category 8: Indirect Prompt Injection (LOW): The skill reads data from GitHub items which could contain malicious instructions. However, the use of structured JSON parsing and unique IDs for operations significantly mitigates the risk of these instructions influencing agent behavior or leading to unauthorized command execution.
- Ingestion points: gh project item-list and gh project field-list used in references/items.md and references/fields.md.
- Boundary markers: None (standard CLI interaction).
- Capability inventory: Creation, modification, and deletion of project items and fields via gh project subcommands.
- Sanitization: The skill uses jq to parse structured JSON output from the CLI, which ensures data is handled as fields rather than executable instructions.
Audit Metadata