gh-agent-task
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the `github/agent-task` extension through the official GitHub CLI. This is a trusted vendor resource.
- [COMMAND_EXECUTION]: The extension utilizes the `gh` command-line interface to interact with GitHub issues and pull requests as part of its documented functionality.
- [PROMPT_INJECTION]: The skill defines an attack surface for indirect prompt injection by processing natural language instructions from GitHub issues.
  1. Ingestion points: GitHub issue descriptions and metadata via the `gh-aw` workflow integration.
  2. Boundary markers: Utilizes a 'staged' mode and 'safe-outputs' configuration to preview and control agent behavior.
  3. Capability inventory: Ability to create issues, update descriptions, and trigger automated pull requests via the GitHub CLI.
  4. Sanitization: Relies on the user's manual review of generated code and the underlying Copilot service's safety filters.
Audit Metadata