accessing-github-repos

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill includes logic in the get_github_auth() function (SKILL.md) to scan and read sensitive local files, specifically /mnt/project/.env and /mnt/project/github.env, to harvest authentication tokens.
  • [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted content from external GitHub repositories into the agent's context, which can be leveraged for indirect prompt injection attacks.
      • Ingestion points: External content is retrieved via the GitHub API and raw file URLs in fetch_file() and fetch_repo_tarball() (SKILL.md).
      • Boundary markers: The instructions lack delimiters or system warnings to ignore potentially malicious instructions embedded in the fetched repository data.
      • Capability inventory: The skill provides capabilities to write to the local filesystem (SKILL.md, line 133) and update remote repository content via the GitHub API (push_file() in SKILL.md).
      • Sanitization: There is no evidence of validation or sanitization of the content fetched from GitHub before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 21, 2026, 06:50 AM