multi-gh
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill accesses highly sensitive files and directories to diagnose authentication issues.\n
- Evidence: Uses
ls -la ~/.sshandsed -n '1,220p' ~/.ssh/configto inspect configuration.\n - Impact: These files contain host definitions and identity file paths. While used for diagnosis, exposing this information to the agent context is a data exposure risk.\n- [COMMAND_EXECUTION]: The skill relies on executing system commands to inspect and modify the local environment.\n
- Evidence: Commands like
gh auth status,ssh-add -l,ssh -T, andgit remote set-urlare used to manage authentication and repositories.\n- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to the ingestion of local configuration data.\n - Ingestion points: Reads configuration from
~/.ssh/configand the output ofgit remote -v.\n - Boundary markers: Absent.\n
- Capability inventory: The skill can modify local git configuration using
git remote set-urlandgit config.\n - Sanitization: Absent. The skill processes the output of system commands directly.
Audit Metadata