skills/hamsurang/kit/gh-cli/Gen Agent Trust Hub

gh-cli

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE | COMMAND_EXECUTION | DATA_EXFILTRATION | PROMPT_INJECTION | CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill documents the use of gh codespace ssh for remote terminal access and gh alias set for creating custom commands that can execute shell scripts using the ! prefix.
  • [DATA_EXFILTRATION]: Instructions include commands like gh secret set, gh variable set, and gh ssh-key add, which are used to transmit sensitive credentials or configuration data to GitHub.
  • [CREDENTIALS_UNSAFE]: Documentation covers gh auth status --show-token and gh auth token, which can output sensitive authentication tokens to the terminal context, as well as commands that access local sensitive files like ~/.ssh/id_ed25519.pub.
  • [PROMPT_INJECTION]: As the skill processes untrusted external data from GitHub (such as issue comments, PR descriptions, and workflow logs) and possesses significant administrative capabilities (repository deletion, secret modification), it presents a surface for indirect prompt injection.
      • Ingestion points: gh pr list, gh issue view, gh run view --log.
      • Boundary markers: None explicitly enforced in documentation.
      • Capability inventory: gh repo delete, gh secret set, gh codespace ssh, gh api.
      • Sanitization: Relies on standard CLI tool behavior.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 10:26 AM