Skills
skills/yonatangross/orchestkit/github-operations/Gen Agent Trust Hub

github-operations

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references and provides instructions for installing external components:
  • Mentions the installation of the GitHub Copilot standalone binary from official GitHub sources (cli.github.com), which is a well-known service.
  • References the third-party GitHub CLI extension yahsan2/gh-sub-issue for managing sub-issues in references/issue-management.md.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to execute gh CLI commands and shell scripts. Example scripts in examples/automation-scripts.md demonstrate bulk operations, such as closing stale issues, syncing labels, and automating PR merges. These operations are within the stated scope of GitHub project management.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality:
  • Ingestion points: The skill reads untrusted data from GitHub issue bodies, PR descriptions, and diffs using commands like gh issue view, gh pr view, and gh pr diff (referenced in references/pr-workflows.md and references/issue-management.md).
  • Boundary markers: There are no explicit instructions or delimiters defined to separate instructions from the data fetched from GitHub.
  • Capability inventory: The agent has access to Bash, Write, Edit, and the gh CLI, allowing it to modify the repository or execute local commands based on processed data.
  • Sanitization: The provided example scripts do not implement sanitization or validation of the content retrieved from issue or PR fields before processing it in loops or scripts.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 22, 2026, 09:19 PM