gh-address-comments
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/fetch_comments.py executes the GitHub CLI (gh) using the subprocess.run method to fetch PR information.
- [PROMPT_INJECTION]: The SKILL.md file contains instructions that attempt to bypass sandbox restrictions by requesting elevated network access and the require_escalated permission level.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted data from GitHub PR comments to determine what fixes to apply.
  - Ingestion points: PR comments are fetched in scripts/fetch_comments.py.
  - Boundary markers: Absent.
  - Capability inventory: The agent is instructed to apply fixes based on comment content.
  - Sanitization: No sanitization of the input data is performed.
Audit Metadata