gh-cli
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill provides instructions for commands that retrieve content from external GitHub repositories, creating an attack surface for indirect prompt injection. * Ingestion points: Content is retrieved from GitHub through commands such as
gh pr view,gh issue view, andgh run view --logas documented in SKILL.md. * Boundary markers: There are no instructions or delimiters provided to prevent the agent from following instructions embedded within the retrieved GitHub content. * Capability inventory: The skill documents capabilities that could be exploited by an injection, includinggh pr merge,gh pr create, andgh issue close. * Sanitization: The skill does not specify any sanitization or validation of the data retrieved from GitHub. - [NO_CODE]: The skill is entirely documentation-based and does not include any executable scripts, binaries, or configuration files.
Audit Metadata