Trust Assessment
github-pro received a trust score of 66/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include "Excessive Permissions: High-privilege GitHub CLI commands exposed" and "Excessive Permissions: Arbitrary GitHub API calls via `gh api`".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Excessive Permissions: High-privilege GitHub CLI commands exposed. The skill exposes several high-privilege GitHub CLI commands that can modify repository state or perform sensitive actions. Specifically, `gh pr review --approve` can approve pull requests, `gh release create` can create new releases, and `gh api` can make arbitrary GitHub API calls, potentially leading to unauthorized modifications, data exfiltration, or other malicious actions if the LLM is prompted to execute these commands with untrusted user input. These commands grant broad capabilities that could be abused. Implement strict access controls and human-in-the-loop confirmation for any skill execution involving commands that modify repository state (e.g., PR approvals, release creation, arbitrary API calls). Consider restricting the LLM's ability to directly execute such commands without explicit user consent or a robust validation layer. If possible, use more granular GitHub API tokens that only grant necessary permissions. | LLM | SKILL.md:20 |
| HIGH | Excessive Permissions: High-privilege GitHub CLI commands exposed. The skill exposes several high-privilege GitHub CLI commands that can modify repository state or perform sensitive actions. Specifically, `gh pr review --approve` can approve pull requests, `gh release create` can create new releases, and `gh api` can make arbitrary GitHub API calls, potentially leading to unauthorized modifications, data exfiltration, or other malicious actions if the LLM is prompted to execute these commands with untrusted user input. These commands grant broad capabilities that could be abused. Implement strict access controls and human-in-the-loop confirmation for any skill execution involving commands that modify repository state (e.g., PR approvals, release creation, arbitrary API calls). Consider restricting the LLM's ability to directly execute such commands without explicit user consent or a robust validation layer. If possible, use more granular GitHub API tokens that only grant necessary permissions. | LLM | SKILL.md:24 |
| MEDIUM | Excessive Permissions: Arbitrary GitHub API calls via `gh api`. The skill demonstrates the use of `gh api` which allows making arbitrary calls to the GitHub API. While the example provided is for reading data, the `gh api` command itself is very powerful and could be used to perform any action permitted by the underlying GitHub token, including creating, updating, or deleting resources. If the LLM is prompted to construct and execute `gh api` calls based on untrusted user input, it could lead to unauthorized actions or data exfiltration. Implement strict validation and sanitization of any user-provided input used to construct `gh api` calls. Prefer using specific, less powerful `gh` CLI commands over `gh api` when possible. If `gh api` is necessary, ensure that the LLM's generated API paths and parameters are strictly whitelisted or validated against a safe schema. Require human confirmation for any `gh api` call that performs write operations. | LLM | SKILL.md:15 |