github-search
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): The skill is vulnerable to indirect prompt injection because it retrieves and processes untrusted data from GitHub. \n
- Ingestion points: Search results from GitHub (code, issues, PRs) via
scripts/mcp/github_search.py. \n - Boundary markers: No explicit delimiters or boundary markers are defined in the skill instructions to separate external data from system instructions. \n
- Capability inventory: The agent is allowed to use
BashandReadtools, increasing the risk if search results contain malicious commands the agent might be tricked into executing. \n - Sanitization: The skill documentation does not mention any sanitization or filtering of the fetched GitHub content.
Audit Metadata