Skills
skills/arjenschwarz/agentic-coding/pr-review-fixer/Gen Agent Trust Hub

pr-review-fixer

Pass

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill ingests untrusted data from GitHub PR comments and processes them to determine 'actionable items' for fixing code.
  • Ingestion points: The skill uses the gh CLI to fetch reviewThreads, reviews, and comments from GitHub, which are authored by external users.
  • Boundary markers: There are no explicit instructions or delimiters provided to the agent to distinguish between 'data' (the review text) and 'instructions'. The agent is prompted to 'Parse the comment for actionable items'.
  • Capability inventory: The agent has broad capabilities including Bash (arbitrary command execution via make test, pytest, etc.), Write/Edit (modifying any file in the repository), and gh (modifying PR state and posting comments).
  • Sanitization: No sanitization or safety-filtering is applied to the incoming comment text before the agent evaluates it.
  • Command Execution (SAFE): The skill executes local build and test tools (make, pytest, go test). While this executes code from the repository, it is the intended primary purpose of a PR-fixer skill and is considered a standard capability for this use case.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 22, 2026, 01:38 PM