github-api
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFENO_CODE
Full Analysis
- NO_CODE (SAFE): The skill is composed entirely of Markdown documentation files. It contains no executable scripts, binary files, or configuration files that would be automatically executed by an environment.
- COMMAND_EXECUTION (SAFE): All command-line examples provided (e.g.,
gh api,curl,jq) are standard tools for interacting with the GitHub API. The shell snippets for automation, such as cleaning up artifacts or merging PRs, are legitimate administrative scripts intended for use by an authorized agent. - CREDENTIALS_UNSAFE (SAFE): The skill does not contain any hardcoded secrets. It provides clear instructions on authentication and uses placeholders like
YOUR_TOKEN,INSTALLATION_TOKEN, andSECRET_NAMEfor user-provided credentials. - Indirect Prompt Injection (SAFE): Although the skill involves reading data from external sources such as GitHub issues and pull requests, it does not include logic for the automated execution of untrusted content. It serves as a manual or agent reference for performing authorized API operations.
Audit Metadata