search-github
Fail
Audited by Gen Agent Trust Hub on Jul 5, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill explicitly instructs the agent to use
mode: "bypassPermissions"when invoking thegithub-searchersub-agent. This is a direct attempt to override the platform's security constraints and access controls. - [PROMPT_INJECTION]: The skill ingests untrusted data from external sources (GitHub issues, discussions, and PRs) and instructs the agent to report results "exactly as returned." This lack of sanitization or boundary markers creates a significant surface for indirect prompt injection, where malicious instructions embedded in public GitHub content could be executed by the agent or mislead the user.
Recommendations
- AI detected serious security threats
Audit Metadata