github-ops
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
ghCLI andgitto perform remote repository operations and manage local commit history.\n- [COMMAND_EXECUTION]: It executes a local safety script at$HOME/.claude/skills/push-gate/scripts/preflight.shto validate the state of the repository before any code is pushed to a remote.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by reading and interpreting the contents of local project files and git logs to automate the creation of GitHub release notes and descriptions.\n - Ingestion points: Reads
README.md,CHANGELOG.md,pyproject.toml,package.json, andgit logoutput.\n - Boundary markers: The instructions do not define delimiters or warnings to ignore malicious instructions that might be embedded in these files.\n
- Capability inventory: The skill has access to powerful tools including
Bash,gh,git, and the ability toEditfiles.\n - Sanitization: There is no evidence of filtering or escaping content ingested from external project files before processing.
Audit Metadata