github-investigator

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the gh command-line tool via Bash to interact with GitHub repositories. It executes searches and retrieves details based on keywords and repository names provided by the user.
  • [PROMPT_INJECTION]: The skill processes untrusted external data from GitHub, which constitutes an indirect prompt injection surface.
    • Ingestion points: Data is ingested from GitHub using commands like gh search and gh view to read issue bodies, pull request descriptions, and comments.
    • Boundary markers: The skill does not implement specific boundary markers or instructions to isolate the external content from the agent's core instructions.
    • Capability inventory: The agent has the capability to run gh commands via Bash.
    • Sanitization: No explicit sanitization or filtering of the fetched GitHub content is described before the information is summarized.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 24, 2026, 05:16 PM