github
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the GitHub CLI ('gh') via trusted package managers like Homebrew or APT. These are verified and safe sources for system tools.
- [COMMAND_EXECUTION]: The skill utilizes the 'gh' CLI to interact with GitHub for tasks such as retrieving pull request status, listing issues, and viewing workflow runs. This is the primary intended function of the skill.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection.
- Ingestion points: Untrusted data is retrieved from external GitHub repositories using 'gh issue', 'gh pr', and 'gh api' commands in SKILL.md.
- Boundary markers: There are no explicit markers or instructions defined to prevent the agent from following directions embedded within the fetched GitHub data.
- Capability inventory: The agent can perform a variety of actions via the GitHub CLI, including reading repository data and interacting with the GitHub API.
- Sanitization: No data sanitization or 'ignore embedded instructions' prompts are present to mitigate risks from malicious content in issues or pull requests.
Audit Metadata