address-github-comments
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted external data from GitHub comments.
- Ingestion points: Comments are fetched using
gh pr view --commentsinSKILL.md. - Boundary markers: No explicit delimiters or instructions are provided to the agent to treat fetched comments strictly as data rather than instructions.
- Capability inventory: The skill possesses the capability to modify the local filesystem (Step 3: 'Apply fixes') and perform network write operations via the GitHub API (
gh pr comment). - Sanitization: There is no evidence of sanitization or filtering applied to the retrieved comment text.
- [Command Execution] (SAFE): The skill uses
ghCLI commands (auth status,pr view,pr comment) which are appropriate for the stated purpose of managing PR feedback.
Audit Metadata