skills/jdevalk/skills/github-repo/Gen Agent Trust Hub

github-repo

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill processes untrusted data from existing repositories which could contain malicious instructions aimed at influencing the agent's behavior during the audit.
    • Ingestion points: Reads repository files, README contents, and metadata in Phase 0 (SKILL.md).
    • Boundary markers: Does not specify delimiters or instructions to ignore embedded commands in analyzed content.
    • Capability inventory: Can write or modify files in the local repository and interact with the GitHub API via the gh CLI (SKILL.md, Phase 2).
    • Sanitization: No explicit sanitization of ingested repository data before processing.
  • [COMMAND_EXECUTION]: The skill instructs the agent to use the GitHub CLI (gh) to retrieve repository information and metadata. This is a primary function of the skill but involves executing shell commands to interface with external services.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 14, 2026, 01:33 PM
Security Audit — agent-trust-hub — github-repo