github-triage
github.com/code-yeongyu/oh-my-openagentVerdict: Safe to install
0 critical0 high2 medium
A
SCORE 95 / 100
$skillox install github-triageSoon
Sign in to followFollowing emails you when a re-scan drops the grade. Opt-out is per-creator on /account/billing.
Why grade A?
score · 95 / 100The current grade reflects 2 minor findings below all thresholds.
0 CRIT0 HIGH2 MED0 LOW
Already at the top grade — no further rules to pass.
Latest scan findings
Scan crawl-ll19fmfeq3cmm2n97kfmj6jl · Thu, 28 May 2026 17:17:21 GMT · 6ms
medNo capability manifest declaredThe skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.rule: no-manifest▾
No capability manifest declared
The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.
rule:
no-manifestmedLink text shows "loader.ts" but points at github.comThe visible link text contains the domain `loader.ts`, but the URL actually targets `github.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.▾
Link text shows "loader.ts" but points at github.com
The visible link text contains the domain `loader.ts`, but the URL actually targets `github.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
248## Findings
249[Each finding with permalink proof. Example:]
250- The config is parsed in [`src/config/loader.ts#L42-L58`](https://github.com/{REPO}/blob/{SHA}/src/config/loader.ts#L42-L58)← text→loader.ts · href→github.com
251
252## Suggested Answer
skillox.io/c/github-triage