github
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill metadata explicitly authorizes the agent to use the gh (GitHub CLI) tool. This command provides broad write access to repositories, including creating PRs, merging code, and changing repository settings, which is a high-privilege capability.
- [PROMPT_INJECTION] (HIGH): This skill is highly vulnerable to Indirect Prompt Injection (Category 8). It is designed to ingest untrusted data (source code, issue descriptions, and user requests) to populate pull request templates.
  - Ingestion points: Processes repository data and issue content to generate PR bodies.
  - Boundary markers: Absent; there are no instructions to ignore or delimit embedded instructions in the ingested data.
  - Capability inventory: Authorizes the high-privilege gh command suite.
  - Sanitization: Absent; no logic is provided to escape or filter potentially malicious instructions within the data being processed.
Recommendations
- AI detected serious security threats
Audit Metadata