skills/l-yifan/skills/github/Gen Agent Trust Hub

github

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill dynamically downloads the @modelcontextprotocol/server-github package from the npm registry via npx. This is the official server for GitHub interaction under the Model Context Protocol.
  • [COMMAND_EXECUTION]: The Bun script executes npx in a stdio-based sub-process to run the GitHub MCP server.
  • [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection as it retrieves data from external repositories that could contain malicious instructions.
      • Ingestion points: Repository content is retrieved via tools like get-file-contents, get-issue, and search-code in scripts/github.ts.
      • Boundary markers: No delimiters or security-focused instructions are added to tool-call prompts to prevent the agent from obeying instructions in fetched data.
      • Capability inventory: The skill allows significant repository changes, including file modification (create-or-update-file, push-files) and pull request management (merge-pull-request) as defined in scripts/github.ts.
      • Sanitization: No sanitization or filtering is performed on the data returned from GitHub before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 07:22 AM