ghpm-shared
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides a shell script intended for installation as a 'UserPromptSubmit' hook in Claude Code's settings. This script runs on every prompt submission to provide state context from session files.
- [PROMPT_INJECTION]: The skill processes and displays data retrieved from external GitHub Projects, which creates an indirect prompt injection surface.
- Ingestion points: Data is fetched via the gh CLI and stored in .ghpm/cache.json and .ghpm/sessions/ files.
- Boundary markers: No explicit delimiters or instructions to ignore embedded content were found in the skill logic.
- Capability inventory: The skill executes commands (gh, git, and the shell hook) and performs file system operations (read/write/delete) in the .ghpm/ directory.
- Sanitization: The shell integration uses grep and sed with character exclusion patterns that offer some protection against command injection but do not prevent LLM instruction following.
Audit Metadata