Skills
skills/yldgio/codereview-skills/gh-cli/Gen Agent Trust Hub

gh-cli

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides documentation for the official GitHub CLI, a well-known and trusted tool from a recognized organization.
  • [PROMPT_INJECTION]: The guide includes a dedicated 'Security Best Practices' section that explicitly warns against command injection and provides instructions on how to safely sanitize input when using templates or filters.
  • [EXTERNAL_DOWNLOADS]: Installation instructions reference fetching the GPG keyring from the official cli.github.com domain, which is the standard and recommended installation method for the tool.
  • [CREDENTIALS_UNSAFE]: The documentation follows best practices for secret management, advising users to never store tokens in plain text and recommending restricted file permissions (e.g., chmod 600) for token files.
  • [DATA_EXPOSURE]: While the tool interacts with sensitive data like SSH keys and authentication tokens, the skill provides clear guidance on secure handling and uses placeholders for all examples.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 30, 2026, 03:19 AM