Skills
skills/samhvw8/dotfiles/github-search/Gen Agent Trust Hub

github-search

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill ingests untrusted data from GitHub search results which is then processed by the agent. \n
  • Ingestion points: Search results from gh search and gh api calls in SKILL.md. \n
  • Boundary markers: None provided to isolate external data from the agent's instruction context. \n
  • Capability inventory: The agent has access to the Bash tool, enabling full command execution on the host. \n
  • Sanitization: No sanitization or safety filtering is applied to the retrieved GitHub content. \n- [Dynamic Execution] (MEDIUM): The skill uses command substitution $(...) and jq to dynamically construct shell commands for API requests, which could be exploited for shell injection if the agent does not properly escape user-provided query strings.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 08:10 AM