Skills
skills/lovstudio/dev-skills/lovstudio-gh-contribute/Gen Agent Trust Hub

lovstudio-gh-contribute

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands via git and the gh CLI to perform repository management tasks.
  • Evidence: Multiple steps in SKILL.md involve commands like git status, git diff, git push, and gh pr create to manage the lifecycle of a pull request.
  • [EXTERNAL_DOWNLOADS]: The skill fetches documentation and metadata from GitHub repositories to ensure contributions follow project guidelines.
  • Evidence: Step 2 in SKILL.md uses the GitHub API to download content such as CONTRIBUTING.md and PR templates from the target upstream repository.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it processes instructions found in external repository files.
  • Ingestion points: Fetching CONTRIBUTING.md, CODE_OF_CONDUCT.md, and PR templates from untrusted upstream repositories in Step 2 of SKILL.md.
  • Boundary markers: No specific delimiters are used when interpreting the content of these external files.
  • Capability inventory: The agent can perform git commit, git push, and gh pr create based on its interpretation of the repo rules.
  • Sanitization: There is no explicit sanitization of the fetched repository documentation before the agent processes it.
Audit Metadata
Risk Level
SAFE
Analyzed
May 7, 2026, 06:50 AM