Skills
skills/liblaf/skills/sync-github-repo-metadata/Gen Agent Trust Hub

sync-github-repo-metadata

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes gh repo view and gh repo edit to manage GitHub repository metadata. This behavior is consistent with the skill's stated purpose of synchronizing repository descriptions and topics.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes untrusted data from repository files (source code, README, package metadata) to infer updates. 1. Ingestion points: Reads repository facts from local source files (referenced in SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: Uses gh repo edit to modify remote repository settings (referenced in SKILL.md). 4. Sanitization: Absent. The risk is mitigated by the mandatory preview and explicit user confirmation step required before any changes are applied.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 21, 2026, 02:27 PM
Security Audit — agent-trust-hub — sync-github-repo-metadata