address-pr-reviews
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Susceptibility to indirect prompt injection from PR reviews. 1. Ingestion points: In SKILL.md, review bodies and comment threads are fetched using the gh api graphql command. 2. Boundary markers: No delimiters are used to wrap the untrusted content or warn the agent to ignore instructions within it. 3. Capability inventory: The skill allows the agent to modify the codebase and execute gh CLI commands. 4. Sanitization: No input validation or sanitization is performed on the fetched PR content.
- [COMMAND_EXECUTION]: The skill executes shell commands via the GitHub CLI (gh) to retrieve and modify PR data.
Audit Metadata