github-repo-signals

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the GitHub CLI (gh) to interact with the GitHub API. Technical analysis of scripts/gh_common.py shows that shell commands are executed using subprocess.run() with a list of arguments, which is a secure practice that prevents shell injection.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves public data (repository stars, forks, issues, and user profiles) from GitHub's official API. These network operations are necessary for the skill's primary function and target a trusted domain (github.com).
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it ingests untrusted data from external sources.
  • Ingestion points: Data is collected from GitHub user bios, issue titles, and issue bodies via the GitHub API in scripts/gh_repo_signals.py and scripts/gh_issues_scanner.py.
  • Boundary markers: The data is exported to structured CSV files (_users.csv, _interactions.csv) before being presented to the agent for analysis.
  • Capability inventory: The skill has access to the Bash tool and can execute local Python scripts via subprocess calls.
  • Sanitization: There is no explicit sanitization or filtering of the text content retrieved from GitHub, relying on the agent's internal safety guardrails when interpreting the data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — github-repo-signals