Skills
skills/oaustegard/claude-skills/githubbing/Gen Agent Trust Hub

githubbing

Warn

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/install-gh.sh script performs administrative operations, such as creating system directories in /etc/apt/keyrings and writing to /etc/apt/sources.list.d.
  • [EXTERNAL_DOWNLOADS]: Fetches an official GPG keyring from cli.github.com to verify the authenticity of the GitHub CLI packages.
  • [COMMAND_EXECUTION]: Triggers system-wide package updates and installations using apt update and apt install gh, which modifies the environment's software state.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its ability to ingest untrusted data from GitHub repositories.
  • Ingestion points: Data enters the context via the gh tool when reading issues, pull requests, or repository content (as described in SKILL.md).
  • Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands when processing retrieved content.
  • Capability inventory: The skill has the capability to write to repositories, access the network, and modify environment variables (GH_TOKEN).
  • Sanitization: No sanitization or validation of the content retrieved from GitHub is performed before it is presented to the agent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 28, 2026, 11:22 PM