inbox-list-notifications
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- Standard Command Execution: The skill uses the 'gh' CLI to interact with the GitHub API. This is a common and appropriate use of system tools for developer-oriented tasks.
- Built-in Safety Constraints: The instructions explicitly forbid the use of shell pipes, redirects, or wrapping commands in scripts. This is a security best practice that reduces the risk of accidental command injection or the execution of untrusted output from the API.
- Handling of External Data: The skill processes data fetched from GitHub notifications. While this data originates from an external source, the skill's structure limits the interaction to sorting and displaying specific fields, which is consistent with its intended use-case.
- Usage of Internal Tooling: It leverages the 'execute' tool with specific flags like '--jq' and '--paginate' to handle data processing internally within the 'gh' command, avoiding the need for external dependencies or complex script generation.
Audit Metadata