mastering-github-cli
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: Technical analysis of the skill's scripts, reference documents, and configuration reveals no malicious patterns or security risks. The skill is functionally transparent and adheres to its stated purpose of managing GitHub resources.
- [COMMAND_EXECUTION]: The skill provides several bash scripts in the
scripts/directory for automating complex GitHub tasks. These are well-documented and safe. Documentation inreferences/workflow-authoring.mdincludes commands likesudo rm -rf /usr/share/dotnet, which are correctly described as standard practices for freeing disk space on remote GitHub-hosted runners and are not executed locally. - [EXTERNAL_DOWNLOADS]: The skill references the
skilzuniversal installer, which is authored by the same vendor (SpillwaveSolutions). This is considered a legitimate vendor resource for skill lifecycle management across different agent platforms. - [PROMPT_INJECTION]: The skill interacts with external, potentially untrusted data from GitHub (e.g., PR descriptions, issue bodies, workflow logs), representing a surface for indirect prompt injection.
- Ingestion points: Data enters the context via
gh search,gh pr list/view,gh issue list/view, andgh run view --logcommands. - Boundary markers: No explicit markers or specific instructions to ignore embedded commands in external data are provided.
- Capability inventory: The skill is authorized to use
Bashfor script execution and has full access to theghtool for repository and automation management. - Sanitization: The skill uses
jqto parse structured JSON data, which provides basic data handling, but content within the fields is not sanitized before presentation to the agent.
Audit Metadata