qe-github-multi-repo

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of the gh (GitHub) CLI, git, and npm to automate repository management.
      • It executes gh repo list and gh api to discover and inspect organization resources.
      • It performs local file operations in /tmp/ to clone and modify repository contents.
      • It automates the creation of pull requests and issues using gh pr create and gh issue create.
  • [EXTERNAL_DOWNLOADS]: The skill clones external code from GitHub repositories using the gh repo clone command.
      • This behavior is central to the skill's purpose of cross-repository coordination.
      • It utilizes standard GitHub APIs and official CLI tools for all network operations.
  • [REMOTE_CODE_EXECUTION]: The skill executes npm install, npm test, and npm audit fix on code cloned from external repositories.
      • This constitutes execution of potentially untrusted code found in the target repositories.
      • The documentation includes examples of running npx ruv-swarm, which is a package associated with the vendor's ecosystem.
  • [PROMPT_INJECTION]: The skill includes a high-risk surface for indirect prompt injection (Category 8).
      • Ingestion points: Reads package.json and CLAUDE.md files from GitHub repositories, and processes output from gh search.
      • Boundary markers: No explicit delimiters are used to separate untrusted repository content from internal agent instructions.
      • Capability inventory: Full access to shell execution (bash), package management (npm), and repository modification (git push, gh api PUT).
      • Sanitization: Uses jq to parse structured JSON data, reducing the risk of shell injection during metadata processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 06:09 PM