ghpm-view
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Utilizes the GitHub CLI tool (gh) via Bash to retrieve project information. This is expected functionality for a GitHub project management tool.
- [PROMPT_INJECTION]: The skill processes user-supplied natural language and external data from GitHub project items, which creates a vulnerability surface for indirect prompt injection.
- Ingestion points: User-provided ad-hoc filter strings and GitHub project item content (titles and field values) retrieved via the gh tool in SKILL.md.
- Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are defined in the provided file.
- Capability inventory: Bash(gh:*), Read, and Grep tools are accessible to the skill.
- Sanitization: Input is normalized (lowercase, punctuation stripped) and matched against whitelisted field names from .ghpm/config.json to resolve filters.
Audit Metadata