discussion-commenter

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION | DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the GitHub CLI (gh) using subprocess.run. It correctly passes arguments as a list rather than a single string, which prevents shell command injection vulnerabilities.
  • [DATA_EXFILTRATION]: The script reads local markdown files and transmits their contents to GitHub Discussions via the GraphQL API. This behavior is consistent with the skill's documented purpose and utilizes authenticated official tools for data transport.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted content from markdown files and posts it to an external platform where it could be processed by other agents or users.
      • Ingestion points: The post_qas.py script reads the local markdown file provided in the writeup_path argument.
      • Boundary markers: No delimiters or instructions to ignore embedded commands are used when formatting the comment body.
      • Capability inventory: The skill has the capability to write data to external GitHub repositories using the gh api command.
      • Sanitization: The script performs structural parsing of the markdown (headers and subheaders) but does not sanitize or validate the actual text content of the Q&A bodies before posting.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 29, 2026, 09:35 PM