github-cli
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill serves as a legitimate helper for using the GitHub CLI to manage development tasks.
- [COMMAND_EXECUTION]: The skill uses the run_command tool to execute standard gh commands. These include read-only operations like viewing PRs and issues, as well as state-changing operations like checking out branches, which are consistent with the skill's stated purpose.
- [PROMPT_INJECTION]: The skill processes external content from GitHub repositories (e.g., pull request comments and issue bodies). This creates a surface for indirect prompt injection where untrusted data enters the agent context via gh pr view, gh issue view, and GraphQL queries. While the skill lacks explicit boundary markers or sanitization for this retrieved content, such behavior is intrinsic to the skill's primary function of retrieving and reviewing external data. No evidence of malicious intent or safety bypass was detected.