github-content
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest data from untrusted external sources (GitHub repositories).
- Ingestion points: Data is pulled into the agent's context via `gh issue view`, `gh pr view`, and `gh api` content requests.
- Boundary markers: The skill lacks delimiters or explicit instructions for the agent to ignore any natural language instructions contained within the fetched GitHub content.
- Capability inventory: The agent has the capability to execute shell commands (`gh` CLI) and potentially other system operations depending on broader agent permissions.
- Sanitization: There is no evidence of sanitization or filtering of the fetched content before it is processed by the agent.
Audit Metadata