github
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of the GitHub CLI (gh) to perform repository management, automate workflows, and interact with the GitHub API. While these are powerful capabilities, they are consistent with the skill's intended purpose.
- [PROMPT_INJECTION]: The skill facilitates reading untrusted data from GitHub (e.g., issue bodies, PR comments, and CI logs). Because the agent lacks explicit instructions to ignore embedded commands in this data, it is vulnerable to indirect prompt injection. Evidence: 1. Ingestion points: gh issue view, gh pr view, gh run view --log. 2. Boundary markers: Absent. 3. Capability inventory: gh pr merge, gh workflow run, gh repo delete. 4. Sanitization: Absent.
Audit Metadata