repo-audit

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill frequently executes shell commands using the GitHub CLI (gh), jq, and python3 to automate repository analysis and configuration updates.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external repositories.
      • Ingestion points: Reads repository names, pull request titles, branch names, and GitHub Actions workflow file contents using gh repo list, gh pr list, and gh api calls in SKILL.md.
      • Boundary markers: The skill does not employ delimiters or specific instructions to the agent to ignore potential commands embedded within the fetched GitHub data.
      • Capability inventory: The skill possesses write capabilities, including the ability to enable security alerts and overwrite workflow files via gh api --method PUT (e.g., in the semgrep-syntax and dependabot-config fix steps).
      • Sanitization: There is no evidence of sanitization or escaping of the data fetched from GitHub before it is included in the output report or used in fix logic.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 15, 2026, 07:14 AM