ez-github
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script communicates with the official GitHub API (
api.github.com) to retrieve trending repository data, releases, and search results. These operations target a well-known service and are central to the skill's purpose. - [COMMAND_EXECUTION]: The skill executes its logic via a local Python script using
uv run. The command structure is well-defined and does not involve arbitrary shell execution of user input. - [DATA_EXFILTRATION]: No data exfiltration patterns were detected. The skill only fetches public information from GitHub and outputs it to the console for the agent's use.
- [SAFE]: No evidence of prompt injection, obfuscation, or hardcoded credentials was found in the provided files. The script truncates external content such as descriptions and release notes, which provides a basic layer of protection against unexpected large-scale data ingestion.
Audit Metadata