gh-cli
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: Provides detailed documentation and examples for executing GitHub CLI (
gh) commands. These examples are intended to guide users in managing their GitHub resources through the terminal. - [EXTERNAL_DOWNLOADS]: Includes references to standard tool features for installing extensions (
gh extension install) and downloading release assets (gh release download). These patterns are consistent with the official functionality of the GitHub CLI. - [DATA_EXFILTRATION]: Documents legitimate administrative commands used for retrieving sensitive data like authentication tokens (
gh auth token) and repository secrets (gh secret list). No patterns indicating automated or unauthorized exfiltration were detected. - [PROMPT_INJECTION]: The skill describes commands that ingest external, untrusted data from GitHub (e.g., pull request content and issue descriptions).
- Ingestion points: Commands in
references/issues.mdandreferences/prs.mdfacilitate reading text from external GitHub repositories. - Boundary markers: The documentation does not specify the use of delimiters to isolate untrusted data from the agent's instructions.
- Capability inventory: The environment includes capabilities for arbitrary API interaction (
gh api) and third-party code execution (gh extension exec). - Sanitization: As a reference guide, the skill does not implement sanitization, which is expected for this type of content.
Audit Metadata