github
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of the `gh` CLI for various GitHub operations, including pull request management, issue tracking, and CI/CD workflow monitoring.
- [EXTERNAL_DOWNLOADS]: The skill's metadata contains instructions to install the official GitHub CLI through standard, trusted package managers like Homebrew (`brew`) and APT (`apt`).
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) as it retrieves and processes content from external GitHub repositories.
  - Ingestion points: Functions that read data from GitHub, such as `gh pr view`, `gh issue list`, and `gh run view`, ingest untrusted strings from PR descriptions, issue comments, and logs.
  - Boundary markers: The provided templates do not include delimiters or instructions to ignore potential commands embedded in the fetched data.
  - Capability inventory: The agent has the capability to write back to GitHub (creating issues/PRs, merging code, commenting) based on its interpretation of the ingested data.
  - Sanitization: No evidence of sanitization or filtering of retrieved GitHub content was found in the skill definition.
Audit Metadata