github-ops
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the GitHub CLI (`gh`) through a Node.js script (`scripts/main.cjs`) using `spawnSync`. The execution is configured with `shell: false`, which is a best practice that prevents shell injection vulnerabilities by passing arguments directly to the process.
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because its core functionality involves fetching and interpreting data from external repositories.
  - Ingestion points: Repository file lists, file content, and metadata are ingested via `gh api` and `gh search` (see `SKILL.md`).
  - Boundary markers: There are no explicit instructions or delimiters defined to separate untrusted data from the agent's instructions.
  - Capability inventory: The skill has access to the `gh` CLI and the `Bash` and `Read` tools.
  - Sanitization: The `pre-execute.cjs` hook implements environment-specific safety by blocking Linux-specific constructs like `/dev/stdin` on Windows platforms.
Audit Metadata