github-commit-recovery
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill facilitates downloads of commit patches and repository data from github.com and api.github.com. These are trusted external sources for this context.
- [COMMAND_EXECUTION] (SAFE): The skill utilizes standard system utilities including git, curl, and jq for repository management and data parsing. No arbitrary command execution patterns were found.
- [PROMPT_INJECTION] (LOW): This skill is vulnerable to indirect prompt injection (Category 8).
  - Ingestion points: Commit content, patches, and diffs are retrieved from external, potentially attacker-controlled GitHub repositories in SKILL.md.
  - Boundary markers: Absent. The skill does not implement delimiters or warnings to ignore instructions embedded within the retrieved commit data.
  - Capability inventory: The skill can perform network requests (curl, requests.get), git operations (git fetch), and local file writes.
  - Sanitization: Absent. The skill writes raw commit content to disk without validation or escaping.
- [CREDENTIALS_UNSAFE] (SAFE): While the skill mentions and uses $GITHUB_TOKEN, it does so via environment variable references. No hardcoded secrets or sensitive keys were detected.
Audit Metadata