github
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill provides documentation and installation instructions for the official GitHub CLI tool, utilizing trusted system package managers such as brew and apt.
- [COMMAND_EXECUTION]: The skill uses the
ghcommand-line interface to interact with GitHub repositories, pull requests, issues, and CI workflows, which is consistent with its stated purpose. - [INDIRECT_PROMPT_INJECTION]: The skill processes data from GitHub (e.g., PR titles, issue bodies, and CI logs) that could contain untrusted instructions.
- Ingestion points:
gh pr view,gh issue list,gh run view, andgh apicalls read external repository content. - Boundary markers: No specific delimiters or "ignore previous instructions" markers are used when processing this data.
- Capability inventory: The skill includes write capabilities such as creating pull requests, merging code, and commenting on issues.
- Sanitization: The skill relies on the agent's default safety guardrails and the standard output handling of the GitHub CLI.
Audit Metadata