github-codebase-briefing
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (
gh) to perform a series of read-only operations to analyze a codebase. This includes retrieving repository metadata (gh repo view), structural information via the GitHub API (gh api), and detailed lists of issues and pull requests (gh issue list,gh pr list). These operations are consistent with the skill's stated purpose of providing a codebase briefing. - [PROMPT_INJECTION]: The skill is subject to indirect prompt injection as it processes untrusted content from external GitHub repositories.
- Ingestion points: Untrusted data enters the agent context through issue bodies, pull request descriptions, diffs (
gh pr diff), and repository files likeREADME.mdor manifests (e.g.,package.json,pyproject.toml). - Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions when processing external content.
- Capability inventory: The skill's primary capabilities are reading file contents and repository metadata using the
ghCLI. - Sanitization: There is no explicit sanitization or filtering of the fetched GitHub data before it is analyzed by the agent, though the skill does include a 'logic check' step to manually scan for security concerns like credentials or injection keywords.
Audit Metadata