github-kb
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes gh and git commands using user-provided queries and repository names. If the agent does not properly sanitize these inputs, it could lead to command injection.
- [EXTERNAL_DOWNLOADS]: The skill performs downloads from GitHub (github.com) using git clone. While GitHub is a well-known service, the downloaded code/content is untrusted and its volume is controlled by external owners.
- [PROMPT_INJECTION]: The skill processes untrusted data from external repositories which constitutes an indirect prompt injection surface.
  - Ingestion points: The git clone command downloads repository files, and the agent is instructed to read README or key files from these repositories to generate descriptions.
  - Boundary markers: No boundary markers or 'ignore' instructions are defined to separate the downloaded content from the agent's internal logic.
  - Capability inventory: The skill has access to subprocess execution via the gh CLI and git, and file system write access to update the GITHUB_KB.md file.
  - Sanitization: There is no evidence of content sanitization or validation before the agent processes and summarizes the external files.
Audit Metadata