github-agile

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts gh-audit.ts, gh-init-project.ts, gh-sync-context.ts, and gh-verify.ts utilize Deno's Deno.Command API to execute system binaries for gh (GitHub CLI) and git. These operations are essential for the skill's documented purpose of managing GitHub resources and repository state.
  • [EXTERNAL_DOWNLOADS]: The documentation in SKILL.md provides guidance for installing the official GitHub CLI tool via standard platform package managers such as Homebrew (macOS), apt (Linux), and winget (Windows).
  • [PROMPT_INJECTION]: The gh-sync-context.ts script fetches content from GitHub issues and pull requests to update local documentation files. This represents an indirect prompt injection surface; however, the skill incorporates mitigations such as markdown code blocks to encapsulate external data and character truncation for previews, reducing the risk of the agent misinterpreting ingested data as instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 25, 2026, 05:35 PM