address-github-comments
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill possesses an attack surface for indirect prompt injection as it ingests untrusted data from GitHub PR comments.
- Ingestion points: External comments are fetched via
gh pr view --commentsinsub-skills/1-inspect-comments.md. - Boundary markers: None. The skill does not instruct the agent to treat comment content as data rather than instructions.
- Capability inventory: The skill allows for local file modifications (applying fixes) and external communication (
gh pr comment). - Sanitization: There is no mention of sanitizing or escaping the content of the comments before processing.
- [Command Execution] (SAFE): The skill uses the standard GitHub CLI (
gh) for its operations. While it executes shell commands, they are strictly related to the declared purpose of the skill (authenticating, viewing PRs, and commenting).
Audit Metadata