github
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
gh-skill.shexecutes the official GitHub CLI tool to perform repository management tasks. - Evidence: Found in
gh-skill.shacross all case branches (e.g.,gh pr list,gh issue create,gh api). - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes untrusted data from GitHub repositories (Category 8).
- Ingestion points: Content is ingested via
pr-view,issue-view, andrun-viewcommands ingh-skill.sh, which fetch PR descriptions, issue bodies, and CI logs. - Boundary markers: No explicit delimiters or instructions are provided to the agent to treat retrieved data as untrusted or to ignore embedded instructions.
- Capability inventory: The skill has the capability to write to repositories (e.g.,
pr-create,pr-merge,issue-create), creating a risk if the agent is influenced by malicious data to perform unauthorized actions. - Sanitization: Data retrieved from GitHub is passed directly to the agent without filtering, escaping, or validation.
Audit Metadata