address-github-comments
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through external data. 1. Ingestion points: Untrusted data is retrieved from GitHub using
gh pr view --commentsinSKILL.md. 2. Boundary markers: Absent; there are no instructions or delimiters provided to the agent to distinguish between its instructions and the content of the comments. 3. Capability inventory: The agent is instructed to "Apply the code changes" and can post responses usinggh pr commentas defined inSKILL.md. 4. Sanitization: Absent; the instructions do not include steps to validate or filter the external content before processing it. - [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (
gh) for authentication and pull request interactions. These commands are standard for the skill's purpose and do not represent a security risk within this context.
Audit Metadata