github-discussion-query

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill wraps the GitHub CLI (gh) and the jq utility to fetch and process discussion data.
      • Evidence: The scripts query-discussions.py and query-discussions.sh invoke these tools.
      • Analysis: Commands are invoked using secure patterns (argument lists in Python and quoted variables in shell), which mitigates shell injection risks. The operations are limited to the intended functionality of querying repository metadata.
  • [EXTERNAL_DOWNLOADS]: No remote code or scripts are downloaded at runtime.
      • Analysis: The skill relies on standard system utilities (gh, jq), which must be pre-installed by the user. It does not fetch executable content from the internet.
  • [DATA_EXFILTRATION]: No unauthorized data transmission detected.
      • Analysis: Network activity is restricted to the gh command communicating with official GitHub APIs using the user's local credentials.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 24, 2026, 06:37 AM