gh-cli

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: Provides detailed documentation and examples for executing GitHub CLI (gh) commands. These examples are intended to guide users in managing their GitHub resources through the terminal.
  • [EXTERNAL_DOWNLOADS]: Includes references to standard tool features for installing extensions (gh extension install) and downloading release assets (gh release download). These patterns are consistent with the official functionality of the GitHub CLI.
  • [DATA_EXFILTRATION]: Documents legitimate administrative commands used for retrieving sensitive data like authentication tokens (gh auth token) and repository secrets (gh secret list). No patterns indicating automated or unauthorized exfiltration were detected.
  • [PROMPT_INJECTION]: The skill describes commands that ingest external, untrusted data from GitHub (e.g., pull request content and issue descriptions).
  • Ingestion points: Commands in references/issues.md and references/prs.md facilitate reading text from external GitHub repositories.
  • Boundary markers: The documentation does not specify the use of delimiters to isolate untrusted data from the agent's instructions.
  • Capability inventory: The environment includes capabilities for arbitrary API interaction (gh api) and third-party code execution (gh extension exec).
  • Sanitization: As a reference guide, the skill does not implement sanitization, which is expected for this type of content.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 07:00 AM
Security Audit — agent-trust-hub — gh-cli