gh-cli-use

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates the execution of GitHub CLI commands for repository, issue, and workflow management. It includes safety protocols in SKILL.md such as "No destructive commands without explicit user instruction" and "Read before write" to mitigate the risks associated with operations like gh pr merge and gh issue close.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the ingestion of external data from GitHub.
      • Ingestion points: Commands described in SKILL.md such as gh issue view, gh pr view, gh pr diff, and gh run view fetch content from potentially untrusted contributors.
      • Boundary markers: The skill files SKILL.md and gh-cli-guide.md do not specify the use of delimiters or provide instructions to the agent to ignore embedded commands in external data.
      • Capability inventory: The skill provides write access through commands like gh pr merge, gh issue close, and gh workflow run, which are documented in both SKILL.md and gh-cli-guide.md.
      • Sanitization: No mechanisms for sanitizing or validating content retrieved from GitHub are defined in the skill documentation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 04:52 AM