ce-resolve-pr-feedback
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes
ghandgitto manage pull request data and apply commits. It also executes a project-defined validation command (specified in the project's configuration files) to verify that the combined changes do not break the build. - [PROMPT_INJECTION]: The skill processes untrusted PR comments which constitutes an indirect prompt injection surface. The documentation includes a 'Security' section that explicitly instructs the agent to treat this text as context only and ignore embedded commands.
- Ingestion points: PR comments and review thread data are fetched via the
scripts/get-pr-commentsutility. - Boundary markers: The skill relies on natural language instructions in the
SKILL.md'Security' section to guide agent behavior when handling untrusted input. - Capability inventory: The skill possesses the ability to modify local source code, execute repository-defined test commands, and push changes to remote repositories.
- Sanitization: There is no evidence of programmatic sanitization or escaping of the comment text before it is processed by the resolution agents.
Audit Metadata