github
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of numerous GitHub CLI (`gh`) commands for repository, issue, and pull request management. These are legitimate administrative and development operations within the scope of the skill's purpose.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
  - Ingestion points: Untrusted data enters the agent context through commands like `gh pr view`, `gh pr list --comments`, `gh issue view`, and `gh run view --log`, which retrieve user-controlled text from external GitHub resources (SKILL.md).
  - Boundary markers: There are no instructions to the agent to treat retrieved content as data only or to ignore instructions embedded in the retrieved text.
  - Capability inventory: The skill provides high-impact capabilities such as merging pull requests (`gh pr merge`), deleting releases (`gh release delete`), and running workflows (`gh workflow run`) (SKILL.md).
  - Sanitization: No automated sanitization or validation of fetched content is performed before it is processed by the agent.
- [EXTERNAL_DOWNLOADS]: The skill includes functionality to clone repositories and download release assets from GitHub. These operations use a well-known service and are documented here as part of the intended functionality.
Audit Metadata