gh-cli
Warn
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill defines and facilitates the use of the GitHub CLI (
gh) to perform various repository management tasks, including issue tracking, pull request management, and API interactions. - [EXTERNAL_DOWNLOADS]: The skill includes instructions to install third-party extensions using the
gh extension installcommand, specifically referencing an extension from an individual developer's repository (dlvhdr/gh-dash). - [REMOTE_CODE_EXECUTION]: Installing GitHub CLI extensions from third-party sources involves downloading and executing remote code on the local environment, which poses a security risk if the source is not verified or becomes compromised.
Audit Metadata