repo-manager-reference
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill defines a large surface area for repository operations through the gh-manager.js helper script. This includes high-impact actions such as deleting branches (branches delete), merging pull requests (prs merge), and modifying global configurations (config portfolio-write).
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its interaction with untrusted external data.
- Ingestion points: Data enters the agent context through commands like gh-manager files get, gh-manager prs comments, gh-manager issues get, and gh-manager discussions list (SKILL.md).
- Boundary markers: The documentation does not specify the use of delimiters or instructions to ignore embedded commands within the ingested data.
- Capability inventory: The tool possesses significant write and administrative capabilities, including file writing/deletion, branch management, PR merging, and issue closure (SKILL.md).
- Sanitization: No explicit sanitization or validation logic is mentioned for content retrieved from external repository sources.
Audit Metadata