Skills
skills/aspiers/ai-config/pr-comment-resolving/Gen Agent Trust Hub

pr-comment-resolving

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the gh (GitHub CLI) tool and bash commands to interact with pull request data, execute API calls, and manage local temporary files within a tmp/ directory for data processing.
  • [PROMPT_INJECTION]: The skill involves an indirect prompt injection surface as it ingests and acts upon external, untrusted content from GitHub PR comments and reviews. This feedback could potentially contain instructions intended to influence the agent's behavior during code modification or response generation.
  • Ingestion points: External data is fetched and stored in tmp/review-threads.json, tmp/issue-comments.json, and tmp/reviews.json (SKILL.md).
  • Boundary markers: The instructions do not specify the use of clear delimiters or instructions to ignore embedded commands when processing comment content.
  • Capability inventory: The skill possesses capabilities to modify files, execute shell commands via bash, and perform GitHub repository operations via gh.
  • Sanitization: No explicit sanitization or filtering logic is prescribed for the ingested comment text before the agent evaluates and acts on the feedback.
Audit Metadata
Risk Level
SAFE
Analyzed
May 1, 2026, 10:50 PM