tools-github-integration
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands including `git`, `npm`, and `pip`. This is necessary for the orchestration workflow but carries inherent risk if the repository environment contains malicious configurations.
- [EXTERNAL_DOWNLOADS]: The workflow includes `npm install` and `pip install`, which download and install packages from external registries. While standard for development, this can execute arbitrary code during installation if the project's dependency manifests are compromised.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It automatically identifies and processes external data (Git branch names and branch content).
  - Ingestion points: Discovered Git branches (`origin/*`) via `git worktree list` and `git merge` (SKILL.md).
  - Boundary markers: None specified to prevent the agent from following instructions found in branch content or metadata during the integration process.
  - Capability inventory: Subprocess execution for environment setup and testing (SKILL.md).
  - Sanitization: No explicit sanitization of branch names or file content is mentioned, which could lead to command injection if branch names are used unsafely in shell contexts.