github-discussion-to-devrel-content
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the execution of a provided Python script (scripts/fetch_discussions.py) to fetch data from the GitHub GraphQL API. This is a functional requirement for the skill and uses the Python standard library to perform network requests.
- [CREDENTIALS_UNSAFE]: The skill requires a GitHub Personal Access Token (GITHUB_TOKEN) for authentication with the GitHub API. It correctly instructs the user to provide this via environment variables or a .env file, adhering to security best practices for secret management.
- [EXTERNAL_DOWNLOADS]: The documentation suggests installing a management CLI via npx and using a well-known third-party tool (download-directory.github.io) to fetch the skill files. These are documented installation methods and do not involve silent or malicious downloads.
- [SAFE]: The skill is transparent in its operations, handles credentials securely, and focuses on analyzing public repository data to generate a markdown report. No evidence of data exfiltration, obfuscation, or malicious persistence was found.
Audit Metadata