git-commit-submit-pr-and-verify
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It directs the agent to 'resolve or address' comments and 'fix anything that is broken' based on PR feedback. This allows an attacker who can comment on a PR to potentially inject malicious instructions that the agent would then execute as part of its automated fix-and-repeat loop.
- Ingestion points: External Pull Request comments and CI/CD check outputs (referenced in SKILL.md).
- Boundary markers: Absent. The prompt does not provide delimiters or instructions to ignore embedded commands within the comments.
- Capability inventory: The skill is permitted to use the 'Bash' tool to execute shell commands and modify code.
- Sanitization: None. There is no evidence of filtering or validation for the feedback received from external contributors or systems.
- [COMMAND_EXECUTION]: The skill leverages the 'Bash' tool to perform git operations and apply fixes. Because it acts on unsanitized external inputs (PR comments), it creates a vector where arbitrary commands could be executed if an attacker successfully influences the agent's logic.