Skills
skills/i9wa4/dotfiles/github/Gen Agent Trust Hub

github

Warn

Audited by Gen Agent Trust Hub on May 28, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill suggests installing a GitHub CLI extension from an external repository (agbiotech/gh-sub-issue) to enable sub-issue management.
  • [REMOTE_CODE_EXECUTION]: Executing gh extension install for a third-party repository results in the download and potential execution of external code on the user's system.
  • [COMMAND_EXECUTION]: The skill utilizes complex shell pipelines involving awk and jq to parse diffs and API responses, which run commands in the local shell environment.
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by fetching and displaying untrusted content from GitHub.
  • Ingestion points: SKILL.md (utilizing gh issue view and gh api for comments).
  • Boundary markers: Absent; no instructions are provided to delimit or ignore instructions within external content.
  • Capability inventory: gh extension install, gh issue create, gh pr comment.
  • Sanitization: Absent; the skill does not include steps to sanitize or validate fetched text.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 28, 2026, 06:55 AM
Security Audit — agent-trust-hub — github