Skills
skills/seabbs/skills/add-bot/Gen Agent Trust Hub

add-bot

Warn

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes series of gh CLI commands to perform administrative tasks. It uses gh auth switch to change the local authentication context and gh api with the PUT method to modify repository collaborator permissions. This behavior leverages the existing privileges of the user running the agent.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the data it processes.
  • Ingestion points: Configuration is read from the ## Automation config table within CLAUDE.md in the project directory.
  • Boundary markers: No boundary markers or validation steps are present to ensure the CLAUDE.md file has not been tampered with.
  • Capability inventory: The skill possesses the ability to grant repository write access ('push' permissions) and switch between authenticated GitHub sessions via gh auth switch.
  • Sanitization: There is no logic to verify that the bot_account or owner_account strings retrieved from the file are legitimate or expected before the agent proceeds to grant permissions.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 8, 2026, 07:16 AM