github-agentic-workflows
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of a GitHub CLI extension from the official github organization and downloads workflow templates from githubnext. These are well-known and reputable sources associated with the platform's development.
- [COMMAND_EXECUTION]: Uses the GitHub CLI (gh) and standard filesystem operations to perform repository management tasks such as triaging issues and creating pull requests. This behavior is the intended and primary function of the skill.
- [PROMPT_INJECTION]: The skill processes untrusted input from repository issues, pull request descriptions, and workflow logs. This creates a surface for indirect prompt injection (e.g., a malicious issue title attempting to influence the agent). This is an inherent risk in processing external content, and the skill's operations are limited by the repository token's permissions.