analyze-github
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Clones remote source code from GitHub using git clone and gh repo clone to the $HOME/temp/ directory. These operations target well-known repositories and are essential to the skill's primary function.
- [COMMAND_EXECUTION]: Executes shell commands via bash to handle repository cloning, directory management, and timestamp generation. The commands are standard automation tasks for developer workflows.
- [DATA_EXFILTRATION]: Analyzes project contents, GitHub issues, and discussions to generate a local markdown report. The processed data remains within the local environment and the analysis output is written to the current working directory.
- [PROMPT_INJECTION]: The skill processes untrusted external data (project source code and community feedback) which serves as a potential surface for indirect prompt injection. However, this is inherent to the nature of a code analysis tool and the skill does not grant the analyzed content any elevated privileges.
Audit Metadata