github
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill creates a surface for indirect prompt injection by ingesting and acting upon untrusted data from the GitHub platform.
- Ingestion points: Commands such as
gh issue view,gh pr view, andgh search coderetrieve external content (issue bodies, comments, PR diffs, or code) into the agent's context. - Boundary markers: Absent. There are no instructions or delimiters provided to ensure the agent treats external content strictly as data rather than instructions.
- Capability inventory: The skill includes powerful write operations like
gh workflow run,gh pr merge, andgh issue editwhich could be manipulated via successful injection. - Sanitization: The skill does not implement or recommend any sanitization or validation of the content retrieved from GitHub.
- [Command Execution] (SAFE): The skill's primary function is the execution of
ghCLI commands. It also suggests standard installation procedures via system package managers (brew,apt,dnf,winget). These operations are consistent with the skill's documented purpose.
Audit Metadata