Skills
skills/cskiro/claudex/github-repo-setup/Gen Agent Trust Hub

github-repo-setup

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the GitHub CLI (gh) and git to automate repository management tasks, including creation, permission settings, and security feature enablement. These actions are transparent and appropriate for the skill's described purpose.
  • [EXTERNAL_DOWNLOADS]: Fetches .gitignore templates from https://www.toptal.com/developers/gitignore/api/. This is a well-known and reputable service for developers, and the download is restricted to static configuration files.
  • [PROMPT_INJECTION]: The skill incorporates user-provided inputs such as repository names, descriptions, and technology stacks into shell commands, creating a potential surface for indirect prompt injection.
  • Ingestion points: User-supplied values for repository metadata in SKILL.md.
  • Boundary markers: No explicit delimiters or instructions are used to isolate user input in the command templates.
  • Capability inventory: Execution of shell commands (gh, git, curl) and local file system writes.
  • Sanitization: None explicitly provided in the skill instructions; the system relies on the agent platform's internal input validation and safety controls.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 4, 2026, 01:31 PM