skills/apsteinberg/skills/gh-cli/Gen Agent Trust Hub

gh-cli

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to guide the agent in executing shell commands using the GitHub CLI (gh). These commands include repository cloning, PR management, and log viewing, which are standard operations for development workflows.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection (Category 8). It involves reading untrusted external data from GitHub sources (e.g., issue bodies via gh issue view, PR descriptions via gh pr view, and workflow logs via gh run view --log).
      ◦ Ingestion points: Commands like gh pr view, gh issue view, and gh run view --log bring external text into the agent's context.
      ◦ Boundary markers: None identified in the provided instructions.
      ◦ Capability inventory: The agent has the capability to execute shell commands (gh) and interact with the file system (gh repo clone).
      ◦ Sanitization: No explicit sanitization or instructions to ignore embedded commands within the processed data are provided.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 09:10 PM