github-gist

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Flagged categories: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION] (LOW): The skill is designed to read local files and transmit their contents to GitHub. While this is the primary purpose, it facilitates the exfiltration of sensitive data (e.g., SSH keys, credentials) if the agent is manipulated into targeting sensitive paths. This is downgraded to LOW as it is the core functionality of the tool.
  • [COMMAND_EXECUTION] (LOW): The script scripts/publish_gist.py uses subprocess.run to interact with the gh CLI and system-level file openers (open, xdg-open). While parameters are passed as lists to prevent shell injection, the Windows implementation uses shell=True with the start command, which is a minor security risk if the output URL from the GitHub API were ever compromised or spoofed.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests untrusted data from local files or stdin and processes it within the agent's context.
      ◦ Ingestion points: scripts/publish_gist.py reads data from paths provided in arguments or via sys.stdin.read().
      ◦ Boundary markers: None. File content is read and processed without delimiters or instructions to ignore embedded commands.
      ◦ Capability inventory: The skill can read any file reachable by the user, execute the gh CLI via subprocess, and make network POST requests to api.github.com.
      ◦ Sanitization: None. The content is passed directly to the GitHub API or CLI.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:11 PM