githuman
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires running 'npx githuman', which downloads and executes code from the npm registry. The 'githuman' package is not associated with any of the trusted organizations listed in the security framework.
- COMMAND_EXECUTION (LOW): The skill executes various git commands ('git add', 'git commit') and the 'githuman' CLI to manage the review process.
- INDIRECT_PROMPT_INJECTION (LOW): The skill ingests untrusted data in the form of git diffs and code changes. 1. Ingestion points: Code changes in the repository (rules/review-workflow.md). 2. Boundary markers: No explicit markers or warnings to the agent to ignore instructions within the diffs are documented. 3. Capability inventory: The skill can commit changes to the repository and start a web server. 4. Sanitization: No sanitization of the code content is mentioned. There is a risk that instructions embedded in the code changes could be followed by the agent during the review process.
Audit Metadata