ghx
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Bash arrays and dedicated argument flags (like --body-file) to execute gh CLI commands. This approach effectively prevents shell injection and word-splitting vulnerabilities when handling untrusted markdown content from GitHub.
- [DATA_EXFILTRATION]: All network interactions are conducted through the official GitHub CLI tool using standard authentication. The skill does not communicate with any non-whitelisted domains or untrusted external endpoints.
- [REMOTE_CODE_EXECUTION]: The skill operates entirely using local shell scripts and pre-installed system utilities. No remote scripts or binary dependencies are downloaded or executed at runtime.
- [PROMPT_INJECTION]: The skill identifies the surface for indirect prompt injection when fetching data from GitHub (e.g., PR comments). It mitigates this risk by emphasizing structured data handling and providing guidance to the agent on using safe boundary markers for external content.
- [SAFE]: The codebase includes specific security hardening, such as the resolve_output_path_for_read function, which performs path canonicalization and checks for directory traversal (..) attempts before accessing files.
Audit Metadata