Skills
skills/aivokone/ak-skills/pr-fix-loop/Gen Agent Trust Hub

pr-fix-loop

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a suite of shell scripts to manage Git and GitHub operations. It enforces a strict policy that the agent must use these scripts rather than raw commands, which reduces the risk of accidental or malicious command injection during the automated loop.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because its core function is to ingest and act upon PR comments and reviews from external sources.
  • Ingestion points: check-pr-feedback.sh and check-new-feedback.sh retrieve text from GitHub conversation comments, inline threads, and review submissions.
  • Boundary markers: Absent in scripts, though the documentation provides explicit safety instructions to the agent to critically evaluate every comment and never trust review feedback at face value.
  • Capability inventory: Includes repository writes via commit-and-push.sh and GitHub API writes via reply-to-inline.sh, post-fix-report.sh, and invoke-review-agents.sh.
  • Sanitization: No automated sanitization is performed on the incoming PR feedback data.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 12:50 PM