gh-address-comments

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM; findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/fetch_comments.py executes multiple gh CLI commands (including gh auth status, gh pr view, and gh api graphql) using the subprocess module to interact with GitHub repositories.
  • [PROMPT_INJECTION]: Instructions in SKILL.md direct the agent to override standard security constraints by requesting "elevated network access" and "require_escalated" permissions when using the GitHub CLI tool.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted text from external GitHub comments and reviews and is instructed to "Apply fixes" based on that content.
      • Ingestion points: Untrusted data enters the agent context via the scripts/fetch_comments.py script, which fetches pull request comments and review bodies.
      • Boundary markers: None. The skill does not provide markers or instructions to treat external comment content as untrusted.
      • Capability inventory: The agent is authorized to modify the codebase ("Apply fixes") based on the input from these comments.
      • Sanitization: None. The skill does not perform any validation or filtering of the fetched comment data before processing it.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 10, 2026, 01:28 AM