Skills
skills/shigurelab/gh-llm/github-conversation/Gen Agent Trust Hub

github-conversation

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the gh-llm tool using uv tool install or as a GitHub CLI extension (ShigureLab/gh-llm). These are external software dependencies provided by the skill author.\n- [PROMPT_INJECTION]: The skill performs actions based on content retrieved from GitHub, which is an untrusted external source susceptible to indirect prompt injection.\n
  • Ingestion points: Commands such as gh-llm pr view and gh-llm issue view fetch arbitrary text from GitHub PRs, issues, and comments.\n
  • Boundary markers: The prompt instructions do not include markers or delimiters to separate fetched user content from agent instructions.\n
  • Capability inventory: The skill utilizes gh to perform write operations, including posting comments and modifying PR/issue metadata like labels and reviewers.\n
  • Sanitization: There is no evidence of sanitization or filtering of the content retrieved from GitHub before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 23, 2026, 02:15 PM