Skills
skills/mitsuhiko/agent-commands/github/Gen Agent Trust Hub

github

Pass

Audited by Gen Agent Trust Hub on Feb 12, 2026

Risk Level: LOWNO_CODE
Full Analysis

The skill SKILL.md provides instructions and examples for using the gh command-line interface to interact with GitHub. The content is purely descriptive and does not contain any executable scripts or code within the skill definition itself. All commands shown are standard gh CLI operations targeting the GitHub API, which is a trusted service.

  • Prompt Injection: No patterns indicative of prompt injection attempts were found. The instructions are clear and benign.
  • Data Exfiltration: The skill does not contain any commands that would read sensitive local files or exfiltrate data to untrusted external domains. All network interactions are implicitly with GitHub via the gh CLI.
  • Obfuscation: No obfuscation techniques (Base64, zero-width characters, homoglyphs, URL/hex/HTML encoding) were detected.
  • Unverifiable Dependencies: The skill relies on the gh CLI tool. While an external dependency, gh is the official GitHub CLI, widely trusted and maintained by GitHub. The skill does not instruct on its installation, but rather on its usage, assuming it's already present. This is considered a very low risk.
  • Privilege Escalation: No commands for privilege escalation (e.g., sudo, chmod 777) were found.
  • Persistence Mechanisms: No commands attempting to establish persistence (e.g., modifying shell profiles, creating cron jobs) were found.
  • Metadata Poisoning: The skill's metadata (name, description) is benign and accurately reflects its purpose.
  • Indirect Prompt Injection: As with any skill that interacts with external, user-generated content (like GitHub issues, PRs, or API responses), there's an inherent, general risk of indirect prompt injection if the LLM were to process malicious content from GitHub. However, this skill itself does not introduce a specific vulnerability in this regard; it merely provides the interface. This is an informational note about the nature of interacting with external data.
  • Time-Delayed / Conditional Attacks: No conditional logic or time-delayed triggers for malicious actions were identified.

Overall, the skill is a safe, instructional guide for using a legitimate and trusted tool.

Audit Metadata
Risk Level
LOW
Analyzed
Feb 12, 2026, 05:55 PM