gh-cli
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to perform repository and automation tasks using the `gh` command-line tool. It includes principles for safe usage, such as running read-only commands first and using explicit repository scoping with `--repo`.
- [DATA_EXFILTRATION]: The skill manages authentication through the GitHub CLI but explicitly warns against printing auth tokens (e.g., `gh auth token`). It also recommends that the agent summarize output that may contain sensitive data rather than displaying it verbatim.
- [PROMPT_INJECTION]: The skill includes instructions to read untrusted content from GitHub, creating a surface for indirect prompt injection.
  - Ingestion points: Reading issue comments, PR comments, PR diffs, and workflow logs via `gh issue view`, `gh pr view`, and `gh run view` in SKILL.md.
  - Boundary markers: No explicit markers are defined to separate external data from system instructions.
  - Capability inventory: The skill allows creating issues, pull requests, and triggering GitHub Actions workflows via `gh issue create`, `gh pr create`, and `gh workflow run` in SKILL.md.
  - Sanitization: No sanitization is specified for external content beyond the general advice to summarize sensitive data.
Audit Metadata