github-cli
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted data from external sources.
  - Ingestion points: Retrieves content from GitHub issues, pull requests, comments, and repository templates using `gh issue view` and `gh pr view`.
  - Boundary markers: The instructions do not specify the use of delimiters or warnings to ignore instructions that might be embedded within the retrieved GitHub content.
  - Capability inventory: The skill allows the agent to create and edit issues and pull requests, as well as post comments, providing a mechanism for an attacker to trigger unintended write operations.
  - Sanitization: There are no instructions for sanitizing or validating the content fetched from GitHub before it is incorporated into the agent's context or used for subsequent actions.
- [SAFE]: The skill uses the official GitHub CLI (`gh`) and standard `git` commands for its operations, which are legitimate tools for the stated purpose.
- [SAFE]: The recommendation to use `/tmp/*.md` files and the `--body-file` flag when creating or editing content is a positive security practice that avoids potential command injection or shell errors associated with handling very large strings in command arguments.
Audit Metadata