github-project-management
Warn
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses
npxto download and execute theruv-swarmandclaude-flow@alphapackages from the npm registry during execution. - [REMOTE_CODE_EXECUTION]: Executes external code downloaded via
npxfor repository management tasks and references the third-party GitHub Actionruvnet/swarm-action@v1in its documentation. - [COMMAND_EXECUTION]: Extensively utilizes the GitHub CLI (
gh) to read and write issue data, manage project boards, and create items, providing a broad capability set for repository manipulation. - [PROMPT_INJECTION]: An indirect prompt injection surface is created by the skill's ingestion of untrusted data from GitHub issues to drive automated decisions and actions.
- Ingestion points: The skill reads issue bodies and comments via
gh issue viewinreferences/command-reference.md. - Boundary markers: Instructions do not include explicit delimiters or safety warnings to ignore instructions embedded within the processed issue data.
- Capability inventory: The skill possesses write access to repository metadata and issues, and can execute external shell commands.
- Sanitization: There is no evidence of sanitization or validation of the untrusted issue content before it is used in subsequent operations or process generation.
Audit Metadata