github
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the GitHub CLI (`gh`) to perform repository operations including pull request management, issue tracking, and workflow monitoring. This is the intended and documented behavior of the tool.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from GitHub that could contain malicious instructions.
  - Ingestion points: `gh pr view`, `gh issue list`, and `gh api` calls in `SKILL.md` fetch content from external PRs and issues.
  - Boundary markers: No explicit delimiters or boundary instructions are used in the summary templates to isolate external data from the agent's instructions.
  - Capability inventory: The skill allows for significant repository modifications, such as merging pull requests and closing issues, which could be triggered by injected instructions.
  - Sanitization: There is no evidence of sanitization or filtering for the natural language content (titles, bodies) retrieved from the GitHub API.
Audit Metadata