setup-github
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (gh) for administrative tasks such as creating labels and project boards, which is standard for repository management.
- [EXTERNAL_DOWNLOADS]: Workflow templates reference GitHub Actions from official and well-known providers (GitHub Actions, AWS, Docker, Fly.io, and Anthropic) and install Python packages (mkdocs, mkdocs-material, mkdocs-mermaid2-plugin) during execution.
- [PROMPT_INJECTION]: The provided workflow templates for AI-assisted review and triage process untrusted data from pull request diffs, issue descriptions, and comments. These templates grant the AI access to the gh command-line tool to perform actions like editing issues or submitting reviews.
- Ingestion points:
templates/claude-code-review.yml,templates/claude-issue-triage.yml, andtemplates/claude-prd-creation.yml. - Boundary markers: Absent. The prompts do not explicitly delimit external content or include instructions to ignore embedded commands.
- Capability inventory: Workflows are granted access to multiple gh subcommands (view, diff, review, comment, edit, label create) through the anthropics/claude-code-action.
- Sanitization: No explicit sanitization or validation of external content is performed before processing.
Audit Metadata