follow-up-with-gemini
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data (GitHub PR comments) to determine workflow actions like resolving threads.
- Ingestion points: Reads PR metadata and comment bodies using
./scripts/agents/tooling/agentTool.ts. - Boundary markers: No explicit boundary markers are used when processing comment data.
- Capability inventory: Includes capabilities to push code, reply to comments, and resolve review threads.
- Sanitization: Employs keyword-based checks for positive phrases (e.g., 'looks good') and negative qualifiers (e.g., 'but') to validate confirmation before resolving.
Audit Metadata