github-project-management
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (LOW): The scanner flagged 'github.event.label.name', which represents an untrusted data source. In the context of GitHub-integrated skills, this property can be manipulated by external users to provide malicious instructions (Indirect Prompt Injection).
- [COMMAND_EXECUTION] (LOW): The presence of user-controlled event labels creates an attack surface for command injection. If this metadata is interpolated into shell commands without sanitization, it could allow an attacker to execute arbitrary code.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE