api2cli-publish-to-github
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill automates workflows by executing local shell commands including `git init`, `git commit`, `git push`, and `gh repo create`.
- [DATA_EXFILTRATION]: The skill facilitates the transfer of local source code to GitHub's public or private servers. It contains explicit logic to mitigate data exposure by instructing the agent to exclude sensitive files such as `.env`, `node_modules`, and token files from the upload process.
- [PROMPT_INJECTION]: The skill has a vulnerability surface for indirect prompt injection via local project files.
  - Ingestion points: The skill reads project metadata (name and description) from the `package.json` file located in `~/.cli/`.
  - Boundary markers: No boundary markers or specific delimiters are defined to separate the metadata from the shell command template.
  - Capability inventory: The skill uses the extracted data to construct and execute subprocess calls via the GitHub CLI (`gh`).
  - Sanitization: There is no evidence of input validation, escaping, or sanitization of the strings read from the local file before they are passed to the shell.
Audit Metadata