github-research
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Analysis of the scripts and instructions reveals no malicious intent or security vulnerabilities. The tool correctly implements a multi-phase research pipeline for repository analysis.
- [COMMAND_EXECUTION]: The skill executes subprocesses for git and gh CLI using list-based arguments, which prevents command injection. These calls are essential for cloning and querying GitHub and are implemented securely without the use of shell=True.
- [EXTERNAL_DOWNLOADS]: Data and code are retrieved from well-known and trusted sources, specifically GitHub and Papers With Code. The use of these external resources is consistent with the skill's primary research function and respects the [TRUST-SCOPE-RULE].
- [DATA_EXFILTRATION]: No sensitive local data is exfiltrated. Network operations are restricted to querying public APIs (GitHub, Papers With Code) for repository and paper information as part of the intended research workflow.
Audit Metadata