mcp-github-ops
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from external sources which could contain malicious instructions.
- Ingestion points: Step 1 of the procedure identifies the loading of issue/PR context, including titles, bodies, and files changed.
- Boundary markers: Absent; there are no delimiters or specific instructions to the agent to treat this data as untrusted or to ignore embedded instructions.
- Capability inventory: The skill is granted broad permissions via Bash() and MCP(), including the ability to execute /pr commands and interact with the local worktree.
- Sanitization: No sanitization, validation, or escaping of the ingested content is specified in the procedure.
Audit Metadata