github
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- [Command Execution] (SAFE): The skill uses the `gh` command-line tool to perform standard operations like listing issues and checking PR status. No dangerous or arbitrary command execution patterns were found.
- [Indirect Prompt Injection] (LOW): The skill exhibits an attack surface for indirect prompt injection because it reads untrusted data from external GitHub repositories.
  - Ingestion points: Data is ingested through `gh issue list`, `gh pr view`, `gh run view`, and `gh api` commands as documented in `SKILL.md`.
  - Boundary markers: No specific delimiters or safety warnings are provided for the agent to distinguish between tool output and instructions.
  - Capability inventory: The skill is limited to `gh` CLI operations which require local authentication.
  - Sanitization: No sanitization of GitHub output (e.g., issue titles or PR bodies) is performed by the skill itself.
- [External Downloads] (SAFE): The installation metadata references the official GitHub CLI package via trusted system package managers (`brew`, `apt`).
Audit Metadata