github-create-label
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFENO_CODECOMMAND_EXECUTION
Full Analysis
- [NO_CODE] (SAFE): The skill consists entirely of markdown documentation (SKILL.md and references/api_reference.md) and contains no executable scripts, binaries, or configuration files.
- [COMMAND_EXECUTION] (SAFE): The skill describes using the GitHub CLI (
gh) for label management. The suggested commands are legitimate, well-documented, and restricted to the stated purpose of the skill. - [EXTERNAL_DOWNLOADS] (SAFE): References to external tools are directed toward the official GitHub CLI website, which is a trusted source.
- [CREDENTIALS_UNSAFE] (SAFE): No hardcoded credentials or sensitive file paths are present. Examples for environment variables use placeholders like
ghp_xxxxxxxxxxxxxxxxxxxx. - [Indirect Prompt Injection] (SAFE):
- Ingestion points: User-provided inputs for label names, descriptions, and hex colors.
- Boundary markers: Not applicable as no code is provided; the documentation relies on the agent's internal tool-calling safety.
- Capability inventory: Ability to create labels via CLI or API.
- Sanitization: No sanitization logic is present because the skill lacks executable scripts.
Audit Metadata