github-discussion-query

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the GitHub CLI (gh) and the jq utility to fetch and transform data. Evidence is present in query-discussions.py and query-discussions.sh. The implementation uses safe argument passing (list-based in Python, quoted variables in Shell) to mitigate command injection risks.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing external data from GitHub discussions.
      • Ingestion points: Untrusted content is ingested from GitHub discussions via the gh CLI in both the Python and Shell implementations.
      • Boundary markers: No specific delimiters or boundary instructions are used to separate external discussion content from agent instructions.
      • Capability inventory: The skill possesses the capability to execute system commands (gh, jq) via subprocess calls.
      • Sanitization: Discussion metadata and body content are returned to the agent without sanitization or escaping.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 18, 2026, 01:16 PM