gh-work-report
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references official GitHub Actions from the trusted 'actions' organization for its automation features, including actions/checkout, actions/configure-pages, actions/upload-pages-artifact, and actions/deploy-pages.
- [COMMAND_EXECUTION]: Utilizes standard
ghandgitcommands to retrieve activity data and manage report files. These operations are transparent, restricted to the user's authenticated scope, and used solely for the stated purpose of report generation and repository management. - [DATA_EXFILTRATION]: Accesses GitHub repository, pull request, and issue metadata across all authenticated accounts to synthesize reports. The collected data is processed locally or stored in a user-controlled private repository, with no unauthorized network transmission detected.
- [PROMPT_INJECTION]: Ingests external data from GitHub (pull request titles and repository descriptions) during report synthesis. This poses a low risk as the data is used for aggregation and summary formatting within markdown files rather than being interpolated into system instructions or executable code.
Audit Metadata