community-health

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill extensively uses the gh-manager CLI tool to interact with the GitHub API, performing operations such as checking file existence, reading file content (files get), creating branches, pushing commits (files put), and managing labels.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to the ingestion and processing of untrusted content from GitHub repositories.
    • Ingestion points: Untrusted data enters the agent context via gh-manager files get for files like CONTRIBUTING.md and via the gh-manager prs list command.
    • Boundary markers: There are no defined boundary markers or instructions to the agent to disregard instructions potentially embedded within the repository files being audited.
    • Capability inventory: The skill possesses capabilities to write to repositories, create branches, and open pull requests based on the analysis of external repository data.
    • Sanitization: The skill performs heuristic checks for placeholders (e.g., 'TODO' or 'example.com') and branch name consistency but lacks robust sanitization or escaping of the ingested content before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 18, 2026, 01:36 PM