
github-cli

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH

Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Unverifiable Dependencies & Remote Code Execution (HIGH): The installation guide in references/core-install.md instructs users to download a GPG key via curl and pipe it directly to a sudo command (curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd ...). This pattern allows for the execution of untrusted remote content with root privileges.
  • Privilege Escalation (HIGH): The skill frequently advocates for the use of sudo for installation and repository configuration (references/core-install.md), which increases the risk of privilege escalation if the commands or the environment are compromised.
  • Dynamic Execution (MEDIUM): The documentation covers gh extension install and gh extension exec (references/features-search-api-misc.md), which facilitate the installation and runtime execution of arbitrary third-party code. It also includes gh codespace ssh --command, which executes arbitrary commands in a remote environment.
  • Indirect Prompt Injection (LOW):
      • Ingestion points: Untrusted data enters the context via gh issue view, gh pr view, gh run view --log, gh search code, and gh gist view (referenced in multiple files including references/core-issue-pr-advanced.md and references/features-actions-secrets.md).
      • Boundary markers: Absent. There are no instructions for the agent to treat output from these commands as untrusted or to ignore embedded instructions.
      • Capability inventory: The agent has access to gh api (raw API access), gh secret set (secret management), gh extension install (arbitrary code), and gh pr merge/rebase (repository state changes).
      • Sanitization: Absent. Content is processed and displayed directly without filtering or escaping.
  • Data Exposure & Exfiltration (LOW): The skill explicitly discusses handling sensitive information such as GH_TOKEN, SSH keys, and GPG keys (references/core-auth-config.md, references/features-search-api-misc.md). While this is intrinsic to the tool's purpose, the combination of sensitive data access with powerful network capabilities (gh api, gh release upload) creates a risk for data exfiltration.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:19 PM