resolve_parallel
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it extracts and processes instructions from TODO comments within a codebase.
- Ingestion points: Reads content from TODO comments in files provided as input.
- Boundary markers: The workflow does not specify the use of delimiters or instructions to ignore embedded commands within the TODO text.
- Capability inventory: The skill spawns 'pr-comment-resolver' subagents and performs git operations, including 'Commit changes' and 'Push to remote'.
- Sanitization: There is no evidence of sanitization or validation of the content extracted from the comments before it is passed to subagents. An attacker could place malicious instructions in a TODO comment to influence the behavior of the resolver agents.
Audit Metadata