gh-tool
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified. Ingestion points: Data enters the context via pr view, issue view, and workflow logs in SKILL.md. Boundary markers: No delimiters are specified to isolate external content from instructions. Capability inventory: The skill can merge PRs, create PRs, close issues, and rerun workflows. Sanitization: No sanitization or validation of the ingested GitHub content is documented.
- [COMMAND_EXECUTION]: The skill facilitates the execution of shell commands through the bun gh-tool CLI. The documentation mentions an internal credential guard intended to restrict the use of raw gh commands.
Audit Metadata