executing-github-task
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references a curated list of external documentation sources in
references/external-sources.md. These URLs target well-known and trusted technology organizations including Anthropic, GitHub, Google, Atlassian, and OWASP. These references are used for static background information to assist the agent during code review and architectural assessment. - [COMMAND_EXECUTION]: The skill uses shell commands for legitimate development workflows. Specifically, it uses the GitHub CLI (
gh) for updating issue labels and comments, and standardgitcommands for branch management. It also executes test runners as part of the implementation verification phase, which is necessary for its primary purpose as a development assistant. - [PROMPT_INJECTION]: No malicious injection patterns or attempts to bypass safety filters were detected. The sub-agent prompts are focused and include clear operating constraints and escalation paths.
- [DATA_EXFILTRATION]: There is no evidence of unauthorized data access or exfiltration. The skill operates on local artifacts (docs and source code) and only communicates with GitHub via the official CLI tool.
- [SAFE]: The skill implements security best practices by including a dedicated
security-auditorsub-agent designed to catch hardcoded secrets, injection risks, and unsafe data handling in the code it produces.
Audit Metadata