add-github
Warn
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches external source code from a specific git branch (`origin/channels`) and overwrites local project files. It also installs the `@chat-adapter/github` package from an external registry.
- [COMMAND_EXECUTION]: Executes multiple shell commands to manage the environment, including `git fetch`, `pnpm install`, and `pnpm run build`. It also performs service lifecycle operations using `systemctl` or `launchctl` to restart the host application.
- [PROMPT_INJECTION]: Creates an indirect prompt injection vector by configuring the agent to process and respond to untrusted data from GitHub pull request and issue comments.
  - Ingestion points: Pull request and issue comment threads via webhooks (`SKILL.md`).
  - Boundary markers: None identified in the provided instructions to differentiate between user data and system instructions.
  - Capability inventory: Repository write access, including the ability to post comments and interact with PRs via a Personal Access Token (`SKILL.md`).
  - Sanitization: No sanitization or validation of incoming comment text is documented.
Audit Metadata