github
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill facilitates the use of the official GitHub CLI (
gh), which is a well-known and trusted utility from a reputable service.\n- [DATA_EXPOSURE_AND_EXFILTRATION]: No hardcoded credentials or sensitive file paths are accessed. Setup documentation follows standard authentication practices and correctly identifies configuration paths like GH_CONFIG_DIR.\n- [INDIRECT_PROMPT_INJECTION]: The skill processes data from GitHub (e.g., issue descriptions and PR bodies). While this constitutes an attack surface for indirect prompt injection, it is the primary functional purpose of the tool and is considered a low-severity risk in this context.\n- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: Dependencies are limited to the official GitHub CLI installed via standard system package managers (brew and apt), which are trusted sources.
Audit Metadata