github-ops

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the gh CLI and git to perform remote repository operations and manage local commit history.\n- [COMMAND_EXECUTION]: It executes a local safety script at $HOME/.claude/skills/push-gate/scripts/preflight.sh to validate the state of the repository before any code is pushed to a remote.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by reading and interpreting the contents of local project files and git logs to automate the creation of GitHub release notes and descriptions.\n
  • Ingestion points: Reads README.md, CHANGELOG.md, pyproject.toml, package.json, and git log output.\n
  • Boundary markers: The instructions do not define delimiters or warnings to ignore malicious instructions that might be embedded in these files.\n
  • Capability inventory: The skill has access to powerful tools including Bash, gh, git, and the ability to Edit files.\n
  • Sanitization: There is no evidence of filtering or escaping content ingested from external project files before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 05:53 PM
Security Audit — agent-trust-hub — github-ops