gh-pr-review-comments

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from GitHub PR comments.
      • Ingestion points: The skill fetches review comments using the gh api --paginate repos/{owner}/{repo}/pulls/{pr}/comments command as described in SKILL.md and references/github-review-threads.md.
      • Boundary markers: The instructions define triage rules but do not implement strict boundary delimiters or specific instructions to ignore malicious commands embedded within the comment content.
      • Capability inventory: The agent has significant capabilities including file system modification, git commit, git push (including --force-with-lease), and gh api interactions for replying to and resolving threads (SKILL.md, references/github-review-threads.md).
      • Sanitization: No explicit validation, escaping, or sanitization of the comment text is performed before the agent uses it to decide on code modifications or to generate replies.
  • [COMMAND_EXECUTION]: The skill uses standard developer tools, including gh (the GitHub CLI) and git, for repository management. These tools are used for legitimate operations such as fetching data from GitHub, committing code, and pushing updates. The skill incorporates several best practices, such as checking branch commit history before performing history rewrites and ensuring user approval is obtained for push operations.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 2, 2026, 03:43 AM