Skills
skills/jackchuka/ghpm/ghpm-init/Gen Agent Trust Hub

ghpm-init

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple gh CLI commands to verify authentication and fetch project details, fields, and items. These are standard operations for the tool's purpose.
  • [PROMPT_INJECTION]: There is an indirect prompt injection surface as the skill processes project metadata from GitHub into local JSON files.
  • Ingestion points: GitHub project metadata and item lists fetched via the gh CLI.
  • Boundary markers: The skill relies on structured JSON output but does not explicitly define sanitization steps for the metadata values.
  • Capability inventory: Bash (specifically for gh and mkdir), Read, and Write operations.
  • Sanitization: None explicitly mentioned for the data fetched from the GitHub API.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 16, 2026, 03:35 PM