github-issues

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill attempts to locate and extract GitHub authentication tokens by reading sensitive local files including ~/.git-credentials and ~/.hermes/.env. While this is intended to provide the necessary authorization for API requests to api.github.com, it involves the exposure of credentials to the agent's execution environment.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to the processing of untrusted data from external GitHub repositories.
  • Ingestion points: Untrusted data enters the agent context through the output of gh issue list, gh issue view, and equivalent curl commands in SKILL.md which fetch issue titles, bodies, and comments.
  • Boundary markers: The instructions lack explicit boundary markers or warnings to the agent to ignore instructions embedded within the processed issue data.
  • Capability inventory: The skill has the capability to execute shell commands (gh, curl), perform network operations to GitHub, and process data using python3 across the main SKILL.md file.
  • Sanitization: There is no evidence of sanitization or filtering applied to the external content before it is presented to the agent, allowing raw user-generated content from issues to be interpreted as part of the context.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 01:45 PM
Security Audit — agent-trust-hub — github-issues