skills/dnyoussef/ai-chrome-extension/when-managing-github-projects-use-github-project-management/Gen Agent Trust Hub
when-managing-github-projects-use-github-project-management
Warn
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses
npxto download and execute theclaude-flowpackage with an unpinned@alphatag. This creates a dependency on remote code that can change without notice, introducing supply chain risk. - [COMMAND_EXECUTION]: The workflow relies on the execution of multiple local shell scripts (e.g.,
scripts/github-api.sh,scripts/project-api.sh,scripts/team-capacity.sh) to perform tasks. This allows the skill to execute arbitrary logic on the host system. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from GitHub issues and comments to drive logic like triage, classification, and assignment.
- Ingestion points: Fetches issue details and comments via
scripts/github-api.sh fetch-issueinSKILL.md. - Boundary markers: No explicit delimiters or instructions are provided to the agents to ignore potential instructions embedded in the ingested content.
- Capability inventory: The skill has broad capabilities, including writing to the GitHub API (creating releases and milestones) and sending data to Slack webhooks.
- Sanitization: There is no evidence of filtering or sanitization of issue bodies or comments before they are interpreted by the agents.
Audit Metadata