github-presence
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill does not contain any malicious code, obfuscation, or direct prompt injection attempts. Its behavior is consistent with its stated purpose of providing GitHub optimization advice.
- [CREDENTIALS_UNSAFE]: The skill follows security best practices by recommending the use of GitHub Secrets syntax (e.g., ${{ secrets.METRICS_TOKEN }}) in its workflow templates rather than hardcoding sensitive information.
- [EXTERNAL_DOWNLOADS]: All external references and templates point to well-known and trusted services such as Shields.io, Vercel, and official GitHub Actions (e.g., actions/checkout), which are documented neutrally as standard project dependencies.
- [PROMPT_INJECTION]: The skill presents a low risk of indirect prompt injection during the 'README Audit' task, where it may process untrusted content from external repositories.
  - Ingestion points: External repository README files and issue/PR descriptions.
  - Boundary markers: None explicitly defined in the templates.
  - Capability inventory: The skill provides instructions and text-based suggestions but does not include scripts that execute system commands or perform network operations.
  - Sanitization: None specified for input processing.
Audit Metadata