github-project-management
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill dynamically downloads and executes the 'ruv-swarm' and 'claude-flow' packages from npm using npx commands.
- [COMMAND_EXECUTION]: Extensive use of shell execution via bash is employed to interact with the GitHub CLI ('gh'), handle JSON data with 'jq', and automate project board management.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it parses and acts upon data from GitHub issue titles, bodies, and comments.
- Ingestion points: External data enters through 'gh issue view', 'gh issue list', and project item summaries.
- Boundary markers: No markers or delimiters are used to isolate untrusted data from instructions in the coordination logic.
- Capability inventory: The agent has permissions to modify GitHub repositories, access the file system (Read/Write), and execute remote packages.
- Sanitization: No evidence of content sanitization or instruction filtering is present before the swarm processes the untrusted issue content.
Audit Metadata