github-project-management

Warn

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to download and execute the ruv-swarm and claude-flow@alpha packages from the npm registry during execution.
  • [REMOTE_CODE_EXECUTION]: Executes external code downloaded via npx for repository management tasks and references the third-party GitHub Action ruvnet/swarm-action@v1 in its documentation.
  • [COMMAND_EXECUTION]: Extensively utilizes the GitHub CLI (gh) to read and write issue data, manage project boards, and create items, providing a broad capability set for repository manipulation.
  • [PROMPT_INJECTION]: An indirect prompt injection surface is created by the skill's ingestion of untrusted data from GitHub issues to drive automated decisions and actions.
  • Ingestion points: The skill reads issue bodies and comments via gh issue view in references/command-reference.md.
  • Boundary markers: Instructions do not include explicit delimiters or safety warnings to ignore instructions embedded within the processed issue data.
  • Capability inventory: The skill possesses write access to repository metadata and issues, and can execute external shell commands.
  • Sanitization: There is no evidence of sanitization or validation of the untrusted issue content before it is used in subsequent operations or process generation.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 14, 2026, 06:40 AM
Security Audit — agent-trust-hub — github-project-management