Skills
skills/yiyousiow000814/xauusd-calendar-agent/github-pr-edit/Gen Agent Trust Hub

github-pr-edit

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECREDENTIALS_UNSAFE
Full Analysis
  • CREDENTIALS_UNSAFE (LOW): The script patch_pr.ps1 programmatically retrieves sensitive authentication tokens from the local environment.
  • Evidence: Use of git credential fill in scripts/patch_pr.ps1 (lines 34-39) to extract stored passwords from the Git credential manager.
  • Context: This is a sensitive operation, though the skill includes explicit warnings in SKILL.md to avoid logging or printing the token. The severity is lowered as this is required for the skill's primary purpose of authenticating with the GitHub API.
  • Indirect Prompt Injection (LOW): The skill is susceptible to indirect prompt injection because it ingests data from external files to update PR metadata without sanitization.
  • Ingestion points: The -BodyFile parameter in scripts/patch_pr.ps1 reads raw content from a local file path.
  • Boundary markers: None. There are no delimiters or instructions provided to the LLM or API to ignore malicious instructions embedded within the file content.
  • Capability inventory: The script possesses write capabilities (PATCH and POST) to the GitHub API via Invoke-RestMethod.
  • Sanitization: None. The content is converted to JSON and sent directly to the GitHub REST API.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:18 PM