git
Fail
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the --admin flag with the GitHub CLI (gh pr merge --merge --admin) specifically to bypass branch protections. This directs the agent to override repository safety mechanisms, such as required approvals or status checks, which could facilitate the merging of unvetted or malicious code.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by instructing the agent to fetch and process data from external Pull Requests and Issues.
- Ingestion points: Data enters the context via gh pr view and gh issue view commands as specified in SKILL.md.
- Boundary markers: No delimiters or warnings are provided to the agent to disregard instructions potentially embedded within the fetched PR or issue content.
- Capability inventory: The agent is given the capability to modify the repository state through the gh pr merge command.
- Sanitization: The skill does not include any logic for sanitizing or validating external input before it is used to inform the agent's actions.
Recommendations
- AI detected serious security threats
Audit Metadata