github-stars-organizer
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: Employs browser automation via the chrome-cdp tool to interact with a local, authenticated GitHub session. This access is scoped strictly to the primary task of managing repository lists and requires manual enabling of remote debugging by the user.
- [PROMPT_INJECTION]: The skill ingests untrusted repository metadata (names and descriptions) from GitHub, creating a surface for indirect prompt injection. This is addressed by a two-pass classification algorithm that gates automated actions based on confidence levels.
  - Ingestion points: Reads repository data from the GitHub Stars page.
  - Boundary markers: None utilized.
  - Capability inventory: Read and write access to GitHub lists via the browser automation session.
  - Sanitization: Mitigated by a mandatory human-review process for all medium and low confidence assignments.