github-modes
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No malicious patterns, obfuscation, or data exfiltration attempts were detected in the skill's instructions or examples. All operations leverage the official GitHub CLI tool in a standard manner.
- [Indirect Prompt Injection] (SAFE): The skill interacts with external content from GitHub (PR descriptions, issue bodies, and file contents) which is a known surface for indirect prompt injection. This is a functional requirement of the integration rather than a vulnerability in the skill itself.
- Ingestion points:
gh pr view,gh issue list,gh api .../contents/(viaSKILL.md). - Boundary markers: Absent in provided examples; the agent must implement its own markers when processing results.
- Capability inventory: The skill allows significant repository interactions including creating PRs, deleting branches, and triggering workflows (via
SKILL.md). - Sanitization: No explicit sanitization or validation of the ingested external content is defined in the command snippets.
Audit Metadata