Skills
skills/cat-xierluo/legal-skills/github-star-manager/Gen Agent Trust Hub

github-star-manager

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches repository metadata, README files, and release information from the GitHub API (api.github.com) and the associated raw content domains (raw.githubusercontent.com).
  • [COMMAND_EXECUTION]: Instructions in the documentation guide the agent to use the GitHub CLI (gh) for searching, starring, and unstarring repositories as part of its core functionality.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it fetches external content from GitHub (such as README files and repository descriptions) and processes it using an AI model to generate summaries.
  • Ingestion points: Untrusted content is retrieved from external GitHub repositories via the StarTracker.get_readme method.
  • Boundary markers: The README content is interpolated directly into the AI prompt in StarTracker.summarize_with_ai without the use of isolation delimiters or instructions to ignore embedded commands.
  • Capability inventory: The skill possesses the capability to modify a user's GitHub Star list and write summary reports to the local file system.
  • Sanitization: External content is truncated to 2000 characters before processing, but no escaping or instruction filtering is performed.
Audit Metadata
Risk Level
SAFE
Analyzed
May 12, 2026, 03:02 AM