GitHub
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
ghcommand-line tool to perform repository management tasks, such as checking PR status and workflow runs. These commands are standard for the tool's intended purpose. - [EXTERNAL_DOWNLOADS]: The skill's metadata includes installation commands for the
ghbinary via trusted package managers (Homebrew and APT). References to GitHub's official tools and API are documented as safe. - [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection (Category 8).
- Ingestion points: Data is ingested from external repositories via
gh run view --log-failed(workflow logs) andgh issue list(issue content). - Boundary markers: No explicit delimiters or instructions are used to distinguish the fetched data from the agent's core instructions.
- Capability inventory: The skill enables execution of various
ghsubcommands, which could be manipulated if the agent follows instructions found within fetched logs or issue titles. - Sanitization: No evidence of sanitization or filtering of the content retrieved from GitHub is present.
Audit Metadata