github-project-management
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes npx to dynamically download and run packages such as ruv-swarm and claude-flow from the NPM registry. These are vendor-owned tools associated with the skill author.
- [REMOTE_CODE_EXECUTION]: Remote code execution is performed via npx for executing swarm coordination logic and through the reference to ruvnet/swarm-action@v1 for GitHub Actions automation.
- [COMMAND_EXECUTION]: The skill relies on extensive Bash command execution using the GitHub CLI (gh) and npx to perform repository management, metadata manipulation, and project board automation.
- [DATA_EXFILTRATION]: The skill documentation includes examples of transmitting project data to external endpoints, such as a configurable --webhook-endpoint and distribution of reports via Slack or email.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing content from GitHub issues (titles, bodies, and comments) which can be influenced by external actors.
  - Ingestion points: Untrusted issue data is retrieved through gh issue view and gh issue list commands, which populate variables like $ISSUE_DATA and $ISSUE_BODY in the provided workflows.
  - Boundary markers: The scripts do not implement specific boundary markers or instructions to the AI to ignore embedded commands within the ingested issue content.
  - Capability inventory: The skill possesses significant write capabilities, including editing issues, posting comments, and spawning AI agents with specialized roles via mcp__claude-flow__agent_spawn.
  - Sanitization: No explicit sanitization, validation, or filtering of the retrieved issue content is performed before it is passed to the swarm agents for processing.
Audit Metadata