github-profile
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the GitHub CLI (gh) to retrieve user and repository information (gh api user, gh api users/{username}/repos). This is the intended and secure method for accessing profile data and does not pose a risk of arbitrary code execution.
- [EXTERNAL_DOWNLOADS]: The skill provides templates and links to well-known third-party GitHub stats widgets and README generators (e.g., github-readme-stats.vercel.app, shields.io, readme.so). These are recognized industry-standard services for profile customization.
- [PROMPT_INJECTION]: The skill processes profile data to generate README content.
  - Ingestion points: Profile bio and repository descriptions fetched via gh api in SKILL.md.
  - Boundary markers: Absent; the skill does not explicitly delimit untrusted data in its generation prompts.
  - Capability inventory: File writing to README.md; no sensitive subprocess calls or network exfiltration identified.
  - Sanitization: Absent; no specific sanitization of the fetched profile content is performed.
Audit Metadata