gh
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection where malicious instructions embedded in GitHub issues or pull requests could influence the agent's behavior.
- Ingestion points: Content is ingested from external sources via
gh pr view,gh issue view, andgh release view. - Boundary markers: The skill documentation lacks instructions or delimiters to help the agent differentiate between its core instructions and the data being processed.
- Capability inventory: The skill enables highly privileged operations, including
gh apiwith POST, PUT, and DELETE methods, as well asgh pr mergeandgh repo create. - Sanitization: There is no evidence of input sanitization or explicit 'ignore embedded instructions' directives to mitigate the risk of processing attacker-controlled text.
Audit Metadata