project-tracking

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is designed for repository and project management using official tools and follows standard development workflows.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands to interact with the GitHub CLI (gh) and Git (git remote). These commands are strictly scoped to project, issue, and label management, which is the stated purpose of the skill. No evidence of arbitrary or malicious command execution was found.
  • [DATA_EXFILTRATION]: There is no evidence of unauthorized data transfer. The skill reads repository metadata and project IDs, which it then stores in a local memory system ("engram") for persistence. Interactions with GitHub occur through the user's authenticated CLI environment.
  • [PROMPT_INJECTION]: The skill does not contain instructions to bypass safety filters or override system prompts. While it processes external data such as issue descriptions and titles, this is handled as data for project management rather than instructions to be executed by the agent.
  • [CREDENTIALS_UNSAFE]: The skill does not contain hardcoded secrets or ask the user to enter passwords. It correctly identifies and informs the user about GitHub token scope requirements (e.g., Fine-grained PAT limitations) without attempting to harvest or expose the tokens.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 8, 2026, 05:45 AM