github-automation
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes content from GitHub Pull Requests and Issues which can contain malicious instructions intended to manipulate the agent (Indirect Prompt Injection).\n
- Ingestion points: PR content and issue descriptions ingested via 'npx claude-flow github review' and 'npx claude-flow github issues list'.\n
- Boundary markers: No delimiters or instructions to ignore embedded commands are specified to isolate untrusted data.\n
- Capability inventory: The skill has permissions to create pull requests, manage issues, and configure workflows.\n
- Sanitization: No validation or filtering of external GitHub data is performed before processing.\n- [EXTERNAL_DOWNLOADS]: The skill uses 'npx' to download and execute the 'claude-flow' package from the NPM registry at runtime.\n- [COMMAND_EXECUTION]: The skill invokes 'gh' (GitHub CLI) and 'npx' to automate repository management and workflow operations.
Audit Metadata