github
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the GitHub CLI (`gh`) to perform repository management tasks like viewing PR status and listing workflow runs. This command execution is the primary functionality of the skill.
- [EXTERNAL_DOWNLOADS]: The skill's metadata includes installation instructions for the `gh` tool via well-known package managers such as `brew` and `apt`. These are trusted sources.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it fetches and processes data from external, potentially untrusted sources (GitHub repositories).
  - Ingestion points: Untrusted data such as PR titles, issue lists, and workflow logs are ingested into the agent context via `gh pr checks`, `gh api`, and `gh run view`.
  - Boundary markers: The instructions do not define explicit delimiters or instructions to ignore embedded commands in the fetched data.
  - Capability inventory: The skill allows for various interactions with the GitHub API and CLI.
  - Sanitization: There is no logic for sanitizing or escaping the retrieved content before it is processed by the agent.
Audit Metadata