github
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Provides instructions for the agent to use the official `gh` (GitHub CLI) utility to perform repository management and interaction tasks.
- [EXTERNAL_DOWNLOADS]: Includes metadata to install the GitHub CLI using trusted system package managers like Homebrew (`brew`) and APT.
- [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from GitHub, creating a surface for indirect prompt injection.
  - Ingestion points: Retrieves potentially malicious content from pull request titles, descriptions, issue comments, and workflow logs using commands like `gh pr view`, `gh issue list`, and `gh run view`.
  - Boundary markers: Lacks specific instructions or delimiters (e.g., XML tags or clear labels) to help the agent distinguish between its system instructions and the external data being processed.
  - Capability inventory: The agent has the authority to perform state-changing actions, such as commenting on or merging pull requests and creating issues, which could be exploited via injection.
  - Sanitization: No methods for sanitizing, escaping, or validating the text fetched from GitHub are provided or suggested.
Audit Metadata