Skills
skills/mgiovani/skills/gh-daily/Gen Agent Trust Hub

gh-daily

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several local shell commands to gather data, including gh (GitHub CLI), git, jq, and date. These are used for their intended purpose of retrieving repository status, commit history, and issue/PR details.
  • [PROMPT_INJECTION]: The skill processes untrusted external data from GitHub issues, pull requests, and notifications, which creates an indirect prompt injection surface. Malicious content in an issue or PR could potentially influence the agent's report generation.
  • Ingestion points: Data enters the context via gh issue list, gh pr list, and gh api notifications commands in SKILL.md.
  • Boundary markers: The prompts for the 'SubAgents' in Phase 4 lack explicit delimiters or instructions to ignore embedded instructions within the processed text.
  • Capability inventory: The skill has shell execution capabilities (gh, git) and read access to the local repository.
  • Sanitization: There is no evidence of sanitization or filtering of the GitHub content before it is processed by the AI agents.
Audit Metadata
Risk Level
SAFE
Analyzed
May 9, 2026, 04:31 PM
Security Audit — agent-trust-hub — gh-daily