github
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes shell commands such as
git,gh, andcurlto interact with GitHub repositories. This includes managing branches, pushing code, and performing GraphQL API queries and mutations to manage pull request reviews. - [DATA_EXFILTRATION]: Utilizes the
GITHUB_TOKENenvironment variable to authenticate requests to GitHub's infrastructure. The skill suggests configuring the git remote URL with the token as a fallback authentication method if standard CLI authentication fails. - [PROMPT_INJECTION]: Contains specific instructions governing the agent's behavior, such as avoiding direct pushes to main branches and using dedicated tools for pull request creation. It also includes defensive instructions to critically evaluate external review comments and thread data before acting on them, which mitigates risks from indirect injection through pull request interactions.
Audit Metadata