github-project-management
Warn
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill executes remote code using npx to run claude-flow@alpha and ruv-swarm packages without fixed versions or integrity checks.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by processing external data from GitHub issues to drive automated actions. 1. Ingestion points: Data is ingested via gh issue view, gh issue list, and gh project item-list commands in SKILL.md. 2. Boundary markers: None identified. Issue content is processed without clear delimitation. 3. Capability inventory: Includes GitHub CLI operations (gh issue create/edit), project board management, and remote code execution via npx. 4. Sanitization: No sanitization or validation of the fetched issue content is performed before processing.
- [COMMAND_EXECUTION]: The skill relies on complex shell pipelines involving the GitHub CLI (gh), jq, and npx to automate task decomposition, triage, and board synchronization.
Audit Metadata