pr-resolver
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to extract 'AI Fix Prompts' from external, potentially untrusted sources (PR comments) and use them as primary instructions for code modifications.\n
- Ingestion points: Fetches data from GitHub PR comments via the 'gh' CLI as described in Phase 1 of SKILL.md.\n
- Boundary markers: Lacks explicit boundary markers or system-level instructions to ignore adversarial directives embedded in the comment text.\n
- Capability inventory: The agent has the capability to write to the local file system (Edit tool) and perform network/git operations (git commit, git push, gh api) to modify the remote repository.\n
- Sanitization: There is no documented logic to sanitize, validate, or filter the content of the extracted prompts before processing.\n- [COMMAND_EXECUTION]: The skill executes multiple shell commands using 'gh' and 'git' for repository management and API interaction. These are part of the intended functionality but increase the impact of a successful injection attack.
Audit Metadata