github-cli
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): High-risk attack surface combining untrusted data ingestion with powerful write capabilities.
  - Ingestion points: SKILL.md uses `gh issue view`, `gh pr view`, and `gh pr diff` to pull external text into the agent context.
  - Boundary markers: Absent; no instructions provided to treat external output as untrusted or to use delimiters.
  - Capability inventory: SKILL.md provides tools for `gh pr merge`, `gh pr edit`, `gh issue edit`, and `git push`.
  - Sanitization: Absent; content from the GitHub API is processed without validation or filtering.
Recommendations
- AI detected serious security threats
Audit Metadata