github-multi-repo
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill clones external repositories to a local temporary directory and executes 'npm update' and 'npm test' on the contents. This pattern can lead to arbitrary code execution if a repository contains malicious lifecycle scripts or tests.
- [COMMAND_EXECUTION]: Extensive use of shell execution via 'Bash()' to interact with the GitHub CLI ('gh'), git, and the local filesystem for repository discovery and automation.
- [EXTERNAL_DOWNLOADS]: Automates the fetching of remote code through 'gh repo clone' and 'gh api' calls to retrieve repository contents and configuration files.
- [DYNAMIC_EXECUTION]: Programmatically generates and overwrites project configuration files ('package.json', 'config.json') and GitHub Action workflows ('integration.yml') across repositories.
- [INDIRECT_PROMPT_INJECTION]:
  - Ingestion points: Fetches external data including repository lists, descriptions, and file contents from GitHub.
  - Boundary markers: None detected; external data is processed and used to determine subsequent commands and PR descriptions.
  - Capability inventory: Possesses significant capabilities including repository creation, file pushing, and execution of shell commands.
  - Sanitization: Uses 'jq' for processing structured JSON data, providing some structural validation, but does not explicitly sanitize natural language fields before use.