executing-github-task

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references a curated list of external documentation sources in references/external-sources.md. These URLs target well-known and trusted technology organizations including Anthropic, GitHub, Google, Atlassian, and OWASP. These references are used for static background information to assist the agent during code review and architectural assessment.
  • [COMMAND_EXECUTION]: The skill uses shell commands for legitimate development workflows. Specifically, it uses the GitHub CLI (gh) for updating issue labels and comments, and standard git commands for branch management. It also executes test runners as part of the implementation verification phase, which is necessary for its primary purpose as a development assistant.
  • [PROMPT_INJECTION]: No malicious injection patterns or attempts to bypass safety filters were detected. The sub-agent prompts are focused and include clear operating constraints and escalation paths.
  • [DATA_EXFILTRATION]: There is no evidence of unauthorized data access or exfiltration. The skill operates on local artifacts (docs and source code) and only communicates with GitHub via the official CLI tool.
  • [SAFE]: The skill implements security best practices by including a dedicated security-auditor sub-agent designed to catch hardcoded secrets, injection risks, and unsafe data handling in the code it produces.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 01:29 AM
Security Audit — agent-trust-hub — executing-github-task