Skills
skills/composiohq/awesome-codex-skills/gh-address-comments/Gen Agent Trust Hub

gh-address-comments

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill reads data from GitHub PRs and uses it to drive code modifications. Ingestion points: PR comments and review threads fetched in scripts/fetch_comments.py. Boundary markers: Absent; there are no instructions to the agent to distinguish between its own logic and the data from comments. Capability inventory: The agent is instructed to 'Apply fixes', granting it file-writing and code-modification capabilities. Sanitization: Absent; raw comment text is used without filtering.
  • [Privilege Escalation] (MEDIUM): The documentation in SKILL.md requests require_escalated sandbox permissions and 'elevated network access' for the gh CLI. This circumvents standard security restrictions and grants the agent excessive authority.
  • [Command Execution] (LOW): The skill interacts with the system using the gh CLI. While the provided Python script uses secure subprocess calling patterns (list-based execution without shell=True), the agent's task of applying 'fixes' from external input could be manipulated into executing arbitrary logic or unintended filesystem modifications.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:12 PM