respond-pr-feedback
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external PR comments.
  - Ingestion points: Pull request comments are fetched using `gh api` in SKILL.md.
  - Boundary markers: Absent. There are no instructions to use delimiters or ignore embedded commands within the fetched comments.
  - Capability inventory: The agent has the ability to post new comments (`gh api POST`) and resolve discussion threads via GraphQL mutations in SKILL.md.
  - Sanitization: Absent. The skill does not specify any validation or sanitization for the comment content before processing it for response generation.
- [COMMAND_EXECUTION]: The skill uses the GitHub CLI (`gh`) to perform repository operations. While these are legitimate tools, the integration with external user input (PR comments) used to generate command arguments creates a potential injection surface if the agent output is not handled securely by the underlying platform.
Audit Metadata