Skills
skills/thedaviddias/skill-check/github-gh/Gen Agent Trust Hub

github-gh

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes GitHub CLI commands to manage pull requests, issues, and workflow runs. This is the primary intended functionality of the skill.\n- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks because it reads and processes data from external GitHub repositories which are not under the direct control of the agent.\n
  • Ingestion points: Data enters the context via gh pr checks, gh run list, gh run view, and gh api outputs.\n
  • Boundary markers: No delimiters or instructions are used to distinguish between CLI output and potential malicious instructions within that output.\n
  • Capability inventory: The skill allows the agent to execute shell commands and interact with the GitHub API.\n
  • Sanitization: No sanitization or validation of the content returned from the GitHub CLI is performed before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 07:21 AM