fusion-github-review-resolution
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a legitimate workflow for resolving GitHub pull request threads. It uses standard developer tools (gh, git, jq) for its operations and restricts its network activity to official GitHub APIs.
- [SAFE]: Helper scripts (get-review-comments.sh, resolve-review-comments.sh) include robust input validation for repository names and owner names using regular expressions to prevent common command injection or path traversal attacks.
- [SAFE]: The resolve-review-comments.sh script implements a dry-run-first safety model and incorporates duplicate-reply guards to prevent the agent from repeatedly posting the same comment during execution retries.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes review comment bodies from pull requests.
- Ingestion points: PR comment content is fetched via GraphQL in scripts/get-review-comments.sh.
- Boundary markers: The skill does not employ technical delimiters (like XML tags) for external content, but it requires a structured reasoning step where the agent must 'judge each comment' before execution.
- Capability inventory: The skill can modify local source code, create git commits, push to remote branches, and mutate GitHub thread states (reply and resolve).
- Sanitization: No automatic sanitization of comment text is performed; the risk is mitigated by explicit instructions to not treat reviewers as automatically correct and to verify fixes against repository requirements.
Audit Metadata