Skills
skills/malue-ai/dazee-small/github/Gen Agent Trust Hub

github

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the gh CLI to interact with GitHub, which involves executing shell commands to fetch data and perform repository actions.
  • [EXTERNAL_DOWNLOADS]: Metadata provides installation instructions for the official GitHub CLI via brew and apt. As this targets a well-known and official tool, it is documented neutrally.
  • [PROMPT_INJECTION]: This skill presents an indirect prompt injection surface because it retrieves data from external GitHub sources (e.g., issue titles, PR descriptions, and logs) that could be controlled by malicious actors.
  • Ingestion points: gh api, gh issue list, gh pr checks, and gh run view.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are included.
  • Capability inventory: Execution of gh CLI commands which have network access and can modify repository states.
  • Sanitization: No sanitization or validation of the text content retrieved from GitHub is performed before the agent processes it.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 04:19 PM