github-repo-candidate-quality-gate
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: No security issues were identified in the skill's logic, scripts, or metadata. The skill facilitates repository maintenance tasks using standard, allowed CLI tools.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it processes untrusted metadata from GitHub repository searches. The instructions prioritize objective data extraction and deterministic gates, which minimizes the risk of adversarial input influencing the agent's behavior.
  - Ingestion points: Metadata from GitHub repositories (e.g., full_name, rationale) processed via search tools.
  - Boundary markers: No specific delimiters or 'ignore' instructions are provided for the incoming repository data.
  - Capability inventory: The skill utilizes Bash, Read, Write, Grep, and Glob for data manipulation.
  - Sanitization: Input data is not explicitly sanitized within the prompt instructions.
Audit Metadata