lovstudio-gh-tidy

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands using the GitHub CLI (gh) and git to read repository states and perform actions like merging PRs or deleting branches.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from GitHub (issue and PR titles, labels, and comments) to analyze and present it to the user. Maliciously crafted data in the repository could attempt to influence the agent's analysis or suggested actions via indirect prompt injection.
  • Ingestion points: Issue and PR metadata retrieved from GitHub via gh commands in SKILL.md.
  • Boundary markers: None; external data is not delimited or flagged as untrusted in the instructions.
  • Capability inventory: Destructive repository commands such as branch deletion, issue closing, and PR merging.
  • Sanitization: None; external repository content is processed raw.
  • Mitigation: The skill forces a mandatory user-approval step (Step 3: Triage) before any execution occurs, which is a strong control against automated malicious behavior.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 2, 2026, 05:07 AM