github-pr-inline-reply
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): Indirect prompt injection surface detected. The skill ingests untrusted PR comments which could contain instructions to manipulate the agent's behavior.
  - Ingestion points: GitHub PR comments fetched via `gh api` in SKILL.md.
  - Boundary markers: No markers or warnings to the agent about ignoring embedded instructions in the comments are present.
  - Capability inventory: Skill possesses network write capabilities via `gh api` to post replies and resolve threads in SKILL.md.
  - Sanitization: No evidence of sanitization or validation of the comment body before processing.
- COMMAND_EXECUTION (SAFE): Use of `gh` CLI for GitHub API interactions is consistent with the skill's stated purpose and uses standard parameters.