github-pr-query
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script query-prs.sh executes the gh and jq binaries to retrieve and process data. All user-controllable inputs (repo, state, limit and the jq filter) are collected by a case-statement loop over the command-line arguments and are double-quoted wherever they appear in the gh invocation and the jq pipeline. Because each value is passed as a discrete, quoted argument rather than interpolated into a command string, the shell performs no word-splitting, pathname expansion or command substitution on it: a value containing spaces, glob characters, semicolons, backticks or "$(...)" reaches gh or jq as a single literal argument and cannot trigger unintended command execution. The jq filter is still evaluated by jq, which is its intended role, but never by the shell.
- [DATA_EXFILTRATION]: The skill restricts its network operations to the official GitHub API through the authenticated gh CLI. It does not access sensitive local files (e.g., ~/.ssh or .env files) and does not perform any unauthorized data transmission to external or unknown domains.
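As an added illustration of the pattern the COMMAND_EXECUTION finding describes, the following POSIX shell script reproduces a case-statement option loop with double-quoted argument passing. It is not the skill's own query-prs.sh; the option names, defaults and the exact gh/jq command line are assumptions. The real gh call is isolated in run_query and is not executed here; gh_argv instead prints the argument vector one element per line so the argument boundaries can be inspected offline with a constructed hostile input.

```shell
#!/bin/sh
# Added example (not the skill's query-prs.sh): a case-statement option loop that
# keeps every user-controlled value a single, literal argument to gh and jq.
# Option names, defaults and the gh/jq command line are assumptions.
set -eu

# Assumed defaults; the real script's defaults may differ.
REPO=""
STATE="open"
LIMIT="30"
JQ_FILTER='.[] | "\(.number)\t\(.title)"'

# Parse "--opt value" pairs. Each value is taken verbatim from the next argument;
# it is never eval'd, never re-split and never interpolated into a command string.
parse_args() {
  REPO=""; STATE="open"; LIMIT="30"; JQ_FILTER='.[] | "\(.number)\t\(.title)"'
  while [ $# -gt 0 ]; do
    case "$1" in
      --repo|--state|--limit|--jq)
        [ $# -ge 2 ] || { printf '%s requires a value\n' "$1" >&2; return 1; }
        case "$1" in
          --repo)  REPO="$2" ;;
          --state) STATE="$2" ;;
          --limit) LIMIT="$2" ;;
          --jq)    JQ_FILTER="$2" ;;
        esac
        shift 2 ;;
      *) printf 'unknown option: %s\n' "$1" >&2; return 1 ;;
    esac
  done
}

# Print the argv that would be handed to gh, one element per line (a value with an
# embedded newline would display as two lines but is still one element). Because
# every variable is double-quoted, a value such as 'a/b; rm -rf /', '$(id)' or '*'
# stays exactly one element and is never executed or glob-expanded.
gh_argv() {
  set -- gh pr list --repo "$REPO" --state "$STATE" --limit "$LIMIT" --json number,title
  printf '%s\n' "$@"
}

# Number of argv elements for a given command line: always 11 here, regardless of
# the content of the values, which is the property the audit relies on.
argc_for() {
  parse_args "$@"
  gh_argv | wc -l | tr -d ' '
}

# The real query, kept separate because it needs network access and an
# authenticated gh. The jq filter is evaluated by jq (its intended job), not by
# the shell, so quoting it keeps jq syntax such as "|" and "$" away from the shell.
run_query() {
  parse_args "$@"
  gh pr list --repo "$REPO" --state "$STATE" --limit "$LIMIT" --json number,title \
    | jq -r "$JQ_FILTER"
}

# Stand-alone demo with a constructed hostile value: prints 11 lines, and the
# fifth is the literal string '$(echo pwned); rm -rf /', unexecuted.
parse_args --repo '$(echo pwned); rm -rf /' --state closed --limit 5
gh_argv
```

The same property holds for the jq filter: a filter like 'evil | .x' is passed to jq as one argument, so the "|" is jq syntax rather than a shell pipe. What double-quoting does not do is validate the values themselves; an unexpected repo name or limit is still sent to gh, which is the correct place for that check.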
Audit Metadata