gh-agent-session
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the `github/agent-task` extension from GitHub's official repository via the GitHub CLI. As this is a well-known service and the resource belongs to the skill's authoring organization, the reference is considered safe.
- [CREDENTIALS_UNSAFE]: The skill documentation correctly identifies the need for Personal Access Tokens (PATs) and recommends storing them as repository secrets (e.g., `COPILOT_GITHUB_TOKEN`). It discourages hardcoding credentials and provides clear guidance on secure token management.
- [PROMPT_INJECTION]: The skill describes a workflow that ingests natural language instructions (e.g., from issue descriptions or files) to trigger automated code modifications via GitHub Copilot.
  - Ingestion points: Instructions enter the system via the `gh agent-task create` command arguments or the `--from-file` parameter.
  - Boundary markers: The documentation does not specify explicit boundary markers or sanitization for these instructions.
  - Capability inventory: The tool can create issues and pull requests that result in automated code changes.
  - Sanitization: No specific sanitization methods for input instructions are described. While this represents a surface for indirect prompt injection, it is the intended functionality of the tool and follows standard agentic design patterns.
Audit Metadata