github-repo-signals
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the GitHub CLI (
gh) to interact with the GitHub API. Technical analysis ofscripts/gh_common.pyshows that shell commands are executed usingsubprocess.run()with a list of arguments, which is a secure practice that prevents shell injection. - [EXTERNAL_DOWNLOADS]: The skill retrieves public data (repository stars, forks, issues, and user profiles) from GitHub's official API. These network operations are necessary for the skill's primary function and target a trusted domain (github.com).
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it ingests untrusted data from external sources.
- Ingestion points: Data is collected from GitHub user bios, issue titles, and issue bodies via the GitHub API in
scripts/gh_repo_signals.pyandscripts/gh_issues_scanner.py. - Boundary markers: The data is exported to structured CSV files (
_users.csv,_interactions.csv) before being presented to the agent for analysis. - Capability inventory: The skill has access to the
Bashtool and can execute local Python scripts via subprocess calls. - Sanitization: There is no explicit sanitization or filtering of the text content retrieved from GitHub, relying on the agent's internal safety guardrails when interpreting the data.
Audit Metadata