github
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it retrieves data from external, potentially untrusted sources like GitHub issues, pull requests, and workflow logs.
- Ingestion points: Data enters the agent context through 'gh pr view', 'gh issue list', and 'gh api' commands.
- Boundary markers: No specific delimiters or 'ignore embedded instructions' prompts are present to prevent the agent from executing instructions found in external data.
- Capability inventory: The skill has write capabilities, including merging pull requests and creating issues.
- Sanitization: External content is not sanitized or filtered before being processed.
- [EXTERNAL_DOWNLOADS]: The skill's metadata specifies the installation of the GitHub CLI tool.
- It utilizes standard package managers like Homebrew ('brew') and APT ('apt') to install 'gh', which is a well-known tool from a trusted organization.
Audit Metadata