Skills
skills/corygabrielsen/skills/loop-address-pr-feedback/Gen Agent Trust Hub

loop-address-pr-feedback

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it fetches review feedback from external sources and processes it using a code-generation agent.
  • Ingestion points: The skill fetches review comments and issue comments via the GitHub API (/issues/{num}/comments and /pulls/{num}/comments) in the Gather phase.
  • Boundary markers: The Fix phase task prompt (Fix the issue found by code review: ...) does not include delimiters or instructions for the sub-agent to ignore potential instructions embedded within the feedback.
  • Capability inventory: The agent has the capability to write code, commit changes, and push to remote repositories, which provides a direct path for executing injected instructions.
  • Sanitization: No sanitization or validation logic is present to filter malicious content from the review comments before processing.
  • [COMMAND_EXECUTION]: The skill uses several command-line tools to interact with the repository and the GitHub API.
  • Evidence: Executes gt (Graphite CLI) for stack management and log analysis.
  • Evidence: Uses gh (GitHub CLI) for PR list and API interactions.
  • Evidence: Performs standard git operations (add, commit, push) to manage the repository state.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 23, 2026, 10:08 AM