get-pr-comments
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill is susceptible to indirect prompt injection as it ingests and processes untrusted external data in the form of PR review and discussion comments.
- Ingestion points: PR review comments and discussion comments fetched from a version control provider (documented in SKILL.md Workflow steps 2 and 3).
- Boundary markers: No specific delimiters or instructions to ignore embedded commands within the fetched comments are defined in the workflow.
- Capability inventory: The workflow focuses on data retrieval, grouping, and summarization; no dangerous system-level capabilities or file-system write operations are explicitly defined in this file.
- Sanitization: There is no mention of sanitizing, escaping, or validating the external comment content before it is processed by the agent.