Skills
skills/nguyendinhquocx/code-ai/github-ops/Gen Agent Trust Hub

github-ops

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill has a high surface area for indirect prompt injection. \n
  • Ingestion points: The skill reads untrusted data from GitHub via gh pr view --comments, gh issue view --comments, gh pr diff, and gh run view --log. \n
  • Boundary markers: No delimiters or instructions to ignore embedded commands are provided. \n
  • Capability inventory: The agent can merge code, modify repository secrets (gh secret set), and trigger workflows. \n
  • Sanitization: No content sanitization is mentioned before processing external data. \n- [Prompt Injection] (LOW): The skill includes instructions to bypass organizational policy (JIRA enforcement) by using the 'NOJIRA' prefix in PR titles. While this targets business logic rather than AI safety filters, it instructs the agent to circumvent established controls. \n- [Command Execution] (SAFE): The skill utilizes the gh CLI and system utilities like jq, parallel, and xargs for automation. These are used according to standard practices and do not involve remote code execution from untrusted URLs.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 23, 2026, 05:28 AM