Skills
skills/seabbs/claude-code-config/github-dashboard/Gen Agent Trust Hub

github-dashboard

Pass

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: LOWCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): Executes 'gh api', 'gh pr list', and 'gh issue list' to retrieve GitHub data. This is expected functionality for a dashboard tool.
  • [PROMPT_INJECTION] (LOW): Uses an 'IMPORTANT' directive to control the agent's lifecycle ('automatically exit'). While instructional, it demonstrates a pattern of overriding default agent behavior.
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface: The skill processes untrusted external data from GitHub (notifications, PRs, issues). Evidence: Ingestion points: 'gh api notifications', 'gh pr list', 'gh issue list'. Boundary markers: Absent. Capability inventory: Data processing and summarization. Sanitization: Absent. Maliciously crafted issue titles or PR descriptions could attempt to manipulate the agent's reasoning during triage or prioritization.
Audit Metadata
Risk Level
LOW
Analyzed
Feb 15, 2026, 10:57 PM