github
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted data from GitHub repositories which could contain malicious instructions. * Ingestion points: The gh api, gh issue list, and gh run view commands in SKILL.md fetch external data such as issue titles, PR bodies, and workflow logs. * Boundary markers: Absent; there are no delimiters or instructions provided to distinguish between the skill's logic and the data fetched from GitHub. * Capability inventory: The skill executes the gh CLI which can read and write repository data. * Sanitization: Absent; the output of the CLI commands is passed to the agent without filtering for potential prompt injection content.
Audit Metadata