address-github-comments

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill processes untrusted external data from GitHub PR comments, which could contain malicious instructions designed to override the agent's behavior.
    1. Ingestion points: GitHub PR comments are fetched using gh pr view --comments in SKILL.md.
    2. Boundary markers: Absent. The skill provides no instructions to separate system directives from the untrusted comment content.
    3. Capability inventory: The skill allows the agent to 'Apply Fixes' (write to files) and perform automated feedback via gh pr comment.
    4. Sanitization: Absent.
  • [Command Execution] (LOW): The skill utilizes the GitHub CLI (gh) for viewing and commenting on PRs. While these are standard operations, they serve as the functional 'sink' that an attacker can exploit via the injection vulnerability.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 08:38 AM