address-pr-comments

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted pull request comments from GitHub, which can contain malicious instructions intended to manipulate the agent (Indirect Prompt Injection).
      • Ingestion points: SKILL.md (via gh CLI and get-pr-review-comments.sh).
      • Boundary markers: Absent. No specific delimiters or 'ignore' wrappers for the ingested comment text are defined in the command execution templates.
      • Capability inventory: Shell command execution via gh CLI and the ability to modify the local codebase to implement fixes.
      • Sanitization: The skill contains explicit instructions for the AI to triage, evaluate, and ignore malicious comments containing prompt injection patterns.
  • [COMMAND_EXECUTION]: The skill executes a local shell script and several gh CLI commands to interact with GitHub repositories.
      • Evidence: SKILL.md invokes .claude/skills/address-pr-comments/get-pr-review-comments.sh and various gh pr and gh api commands.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 21, 2026, 10:21 AM