Skills
skills/openharmonyinsight/openharmony-skills/gitcode-cli/Gen Agent Trust Hub

gitcode-cli

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its handling of untrusted repository data.
  • Ingestion points: Commands such as oh-gc issue:view, oh-gc pr:view, and oh-gc pr:comments ingest external text from issues, pull requests, and comments into the agent's processing context.
  • Boundary markers: No delimiters or specific instructions are provided to help the agent distinguish between data and embedded instructions within the ingested content.
  • Capability inventory: The skill provides high-privilege capabilities including merging pull requests (oh-gc pr:merge), creating releases (oh-gc release:create), and modifying PR metadata.
  • Sanitization: There is no evidence of content sanitization or instruction filtering before the external data is presented to the agent.
  • [EXTERNAL_DOWNLOADS]: The skill documentation instructs the user to install the @oh-gc/cli package from the npm registry. This package is the official command-line utility for the GitCode platform and is maintained by the vendor.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 14, 2026, 02:45 PM