github-automation

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted data from GitHub and has high-privilege capabilities.
      • Ingestion points: Data enters the agent context through GITHUB_LIST_REPOSITORY_ISSUES, GITHUB_SEARCH_CODE, GITHUB_GET_REPOSITORY_CONTENT, and GITHUB_SEARCH_COMMITS_BY_AUTHOR as specified in SKILL.md.
      • Boundary markers: Absent. The skill does not instruct the agent to use delimiters or specific ignore patterns for instructions embedded within the GitHub data.
      • Capability inventory: The skill has the authority to execute sensitive operations including GITHUB_MERGE_A_PULL_REQUEST, GITHUB_DELETE_A_REPOSITORY, GITHUB_CREATE_A_WORKFLOW_DISPATCH_EVENT, and GITHUB_UPDATE_BRANCH_PROTECTION.
      • Sanitization: Absent. There is no evidence of content validation or sanitization before the external GitHub data is processed.
  • [EXTERNAL_DOWNLOADS]: The skill instructions direct users to configure an external MCP server endpoint located at https://rube.app/mcp.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 1, 2026, 03:42 AM
Security Audit — agent-trust-hub — github-automation