skills/jackchuka/ghpm/ghpm-shared/Gen Agent Trust Hub

ghpm-shared

Warn

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on the gh CLI to interact with GitHub Projects and uses shell commands for cache management and git branch detection. Additionally, it automates the installation of a persistent shell hook into .claude/settings.local.json. This hook executes complex shell logic (git, grep, sed, date) every time a user submits a prompt in that environment.
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by processing and displaying data from GitHub Projects.
      • Ingestion points: Fetches item titles and fields from GitHub via the gh CLI and stores them in local JSON files (.ghpm/cache.json, .ghpm/sessions/*.json).
      • Boundary markers: The output formatting conventions in references/format.md do not include delimiters or instructions for the agent to ignore embedded commands in the external data.
      • Capability inventory: The skill executes shell commands and modifies agent-level configuration files.
      • Sanitization: There is no evidence of sanitization or escaping of project content before it is presented to the AI agent or processed by the integration hooks.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 16, 2026, 03:52 PM