Skills
skills/bntvllnt/agent-skills/github/Gen Agent Trust Hub

github

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface. The skill retrieves and displays data from external sources such as GitHub issue descriptions, Pull Request comments, and CI workflow logs.
  • Ingestion points: The skill executes gh issue view, gh pr view, and gh run view --log-failed to fetch external content (see references/issue.md, references/pr.md, references/ci-monitor.md).
  • Boundary markers: The skill lacks delimiters or explicit warnings to the agent to ignore instructions embedded within external GitHub content.
  • Capability inventory: The agent has the ability to perform high-impact operations such as gh pr merge, gh secret set, gh extension install, and arbitrary gh api calls.
  • Sanitization: There is no evidence of sanitization or filtering applied to external content before it is processed by the agent.
  • [COMMAND_EXECUTION]: Extensive command execution capabilities for GitHub management. The skill allows the agent to modify repositories, manage secrets, and interact with the GitHub API directly.
  • Evidence: Provides instructions for state-changing commands like gh secret set, gh repo delete, and gh api (found in references/secrets-vars.md, references/repo.md, references/api.md).
  • Mitigation: The skill implements a strict confirmation policy for all mutation operations to prevent accidental or unauthorized changes.
  • [EXTERNAL_DOWNLOADS]: Facilitates the installation of GitHub CLI extensions.
  • Evidence: The skill includes documentation for gh extension install in references/extensions.md.
  • Mitigation: Installation requires explicit user confirmation and relies on the GitHub CLI's native extension management system to fetch content from the well-known service GitHub.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 28, 2026, 12:52 PM