Skills
skills/steipete/clawdis/github/Gen Agent Trust Hub

github

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill uses the official gh CLI to interact with GitHub repositories, which is its primary intended purpose.
  • [EXTERNAL_DOWNLOADS] (SAFE): The metadata specifies the installation of the gh binary through trusted system package managers like Homebrew and APT.
  • [PROMPT_INJECTION] (LOW): The skill has an attack surface for indirect prompt injection as it processes untrusted data (like PR descriptions or issue comments) from external GitHub repositories. Evidence Chain: 1. Ingestion points: Data enters via gh pr, gh issue, and gh api commands. 2. Boundary markers: Absent; there are no instructions to the agent to treat external content as untrusted. 3. Capability inventory: The skill allows the agent to read and potentially modify GitHub data through the gh CLI. 4. Sanitization: Absent; the content is passed directly to the agent without escaping or filtering.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 18, 2026, 10:41 PM