closing-issues
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill interacts with the official GitHub API (api.github.com) using urllib.request. This is a well-known service and the behavior is consistent with the skill's stated purpose.
- [SAFE]: Authentication is performed using standard environment variables (GH_TOKEN or GITHUB_TOKEN), which is a secure practice for managing API keys.
- [SAFE]: The skill includes a fallback mechanism to dynamically load its core dependency, the flowing skill, from a local directory (/mnt/skills/user/flowing/scripts/flowing.py). This is a legitimate way to manage dependencies in the intended runtime environment.
- [SAFE]: No evidence of obfuscation, malicious command execution, or data exfiltration to untrusted domains was found.
Audit Metadata