pr-comment-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted PR comments that could contain instructions to manipulate the agent's behavior.
  - Ingestion points: Untrusted PR comments are fetched from GitHub repositories using the GitHub CLI as defined in SKILL.md.
  - Boundary markers: There are no boundary markers or instructions to isolate external comment data from the agent's instructions.
  - Capability inventory: The skill can modify the local codebase and perform network write operations via the GitHub API (SKILL.md).
  - Sanitization: No input sanitization or validation of the PR comment content is specified before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill executes shell commands using the GitHub CLI (`gh`) to fetch and post PR data. It also uses the `sleep` command to implement delays between API calls. These operations are standard for the skill's intended purpose of managing GitHub workflows.
Audit Metadata