github-monitor
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands using the GitHub CLI (`gh api`) to retrieve repository data, commit history, and README files. It also uses `python3 -c` to execute a dynamic script for Twitter interaction.
- [CREDENTIALS_UNSAFE]: The skill's publishing logic specifically loads sensitive authentication data from `twitter_cookies.json`. Accessing credential-laden files like browser cookies or session tokens is a high-risk operation that requires strict environment control.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) by processing untrusted data from external sources.
  - Ingestion points: Fetches raw repository README content using `gh api` and decodes it from Base64.
  - Boundary markers: There are no explicit delimiters or instructions provided to the LLM to ignore malicious commands embedded within the fetched README text.
  - Capability inventory: The agent has the ability to execute shell commands, read local files, and post content to public social media platforms (Reddit/Twitter).
  - Sanitization: No automated sanitization or filtering is performed on the ingested content; the skill relies entirely on a manual user 'approval flow' to mitigate malicious output.
Audit Metadata