apm-strategy
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [Command Execution]: The skill utilizes the official
gh(GitHub) CLI to validate project claims through objective metrics such as stars, issues, and traffic. This is a standard and expected interaction for managing repository health and release artifacts. - [Supply Chain Security Consideration]: The instructions explicitly mention prioritizing supply chain security and external-contributor triage, reflecting a focus on secure development lifecycle practices.
- [Indirect Prompt Injection Surface]: The skill processes project-level files such as
README.md, issue templates, and pull request templates which may contain content from external contributors. While these represent a potential surface for indirect instructions, the skill's requirement to ground all claims in verifiable data from theghCLI serves as a robust functional validation step.
Audit Metadata