github-project-management

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE; flagged categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various shell commands and GitHub CLI (gh) operations to manage repository issues, project boards, and milestones.
  • [EXTERNAL_DOWNLOADS]: Uses npx to dynamically fetch and execute the ruv-swarm and claude-flow packages. These are resources belonging to the skill's authoring ecosystem.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes untrusted data from GitHub.
      • Ingestion points: Content is retrieved from GitHub via gh issue view, gh issue list, and gh project item-list commands.
      • Boundary markers: There are no instruction-ignoring delimiters or boundary markers used when interpolating issue titles, bodies, or comments into the agent's context.
      • Capability inventory: The skill possesses capabilities to create, edit, comment on, and close GitHub issues, as well as execute shell scripts and manipulate project boards.
      • Sanitization: The skill does not appear to sanitize or validate the content retrieved from GitHub before processing it with AI agents or using it in subtask decomposition.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 1, 2026, 04:33 PM