Skills
skills/akaszubski/anyclaude-local/github-workflow/Gen Agent Trust Hub

github-workflow

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses gh and git commands locally to manage repositories, create issues, and handle pull requests.
  • [EXTERNAL_DOWNLOADS]: Directs the user to install the official GitHub CLI through standard system package managers such as Homebrew, APT, and Chocolatey.
  • [PROMPT_INJECTION]: A potential surface for indirect prompt injection exists because the skill automates the ingestion of external data like test failure logs and commit messages into GitHub resources.
  • Ingestion points: Test stack traces and GenAI findings are used as input for the /issue command.
  • Boundary markers: No specific delimiters or boundary warnings are documented for handling untrusted external data.
  • Capability inventory: The skill executes shell commands via the gh CLI to interact with GitHub services.
  • Sanitization: No explicit data sanitization or validation steps are described for the automated data processing workflow.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 31, 2026, 12:11 PM