github-scanning
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability surface identified via the ingestion of untrusted repository data.
- Ingestion points: The skill instructs the agent to read and apply configuration filters from
.github/agents/preferences.mdlocated within the repositories being scanned (Preferences File Integration section). - Boundary markers: The skill does not provide instructions to the agent to treat the content of the preferences file as untrusted or to use delimiters to prevent instruction override.
- Capability inventory: The agent performs search, fetch, and display operations for Issues, PRs, Discussions, Releases, and Security alerts.
- Sanitization: No validation or sanitization of the preference file's content is described.
- [PROMPT_INJECTION]: Indirect Prompt Injection risk through automated cross-repository referencing.
- Ingestion points: The skill suggests automatically fetching and surfacing content when an issue contains a cross-repo reference (e.g.,
owner/repo#N). - Boundary markers: Absent.
- Capability inventory: Automated fetching of content from arbitrary repositories mentioned in processed data.
- Sanitization: Absent.
- [NO_CODE]: The skill consists entirely of markdown instructions and does not include executable scripts or external package dependencies.
Audit Metadata