gh-repo-bootstrap
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to execute shell commands using `git` and `gh` (GitHub CLI) to initialize repositories, authenticate users, and manage remote connections.
- [DATA_EXFILTRATION]: The skill's primary function involves pushing local project data to remote GitHub repositories. While the instructions include guardrails to avoid pushing sensitive files like `.env` or secrets, the provided command templates use `git add .`, which indiscriminately stages all files in a directory. This presents a risk of accidental data exposure if the environment is not properly sanitized or if a `.gitignore` is missing.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) because it instructs the agent to inspect local project files and status before performing actions. Malicious instructions placed within the project files by a third party could potentially influence the agent's behavior during the bootstrapping process.
  - Ingestion points: Project files and local repository metadata processed during `git status`, `git rev-parse`, and `git add` operations (SKILL.md, Workflow steps 1 and 4).
  - Boundary markers: The skill includes explicit 'Guardrails' and 'Workflow' instructions directing the agent to ignore secrets and `.env` files.
  - Capability inventory: The agent has the capability to execute shell commands, create remote repositories on GitHub, and push local data to those repositories.
  - Sanitization: The instructions require the agent to perform a pre-check of the working tree to identify and 'converge' (exclude) sensitive or unrelated files before proceeding.
Audit Metadata