GitHub CLI Operations

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill exhibits a significant Indirect Prompt Injection surface. It is designed to ingest and process attacker-controlled content from GitHub Pull Requests (titles, bodies, and comments) to perform actions like extracting issue IDs and interacting with the Linear platform.
      • Ingestion points: Data is fetched via gh pr view commands in SKILL.md, which extract the title and body fields.
      • Boundary markers: No instructions are provided to the agent to treat this external data as untrusted or to ignore embedded instructions.
      • Capability inventory: The skill description explicitly mentions creating PR comments and integrating with Linear MCP functions based on the ingested data.
      • Sanitization: No sanitization or validation logic is defined for the extracted strings before they are used in downstream logic.
  • [COMMAND_EXECUTION] (MEDIUM): The skill relies on execution of the GitHub CLI (gh) and shell utilities such as grep through the system shell.
      • Evidence: Examples in SKILL.md show direct usage of gh pr view ... | grep -oE. This increases the risk that an agent could be manipulated into executing broader, unintended shell commands if the prompt context is not strictly controlled.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 11:59 AM