fix-review

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it fetches and interprets untrusted content from GitHub PR comments to guide its code-editing behavior.
  • Ingestion points: The skill retrieves comment bodies via the gh api command in Step 3.
  • Boundary markers: No specific delimiters or instructions are provided to the agent to treat the PR comment content strictly as data or to ignore potential instructions embedded within them.
  • Capability inventory: The skill is granted Edit, Write, and Bash permissions, allowing it to modify the local codebase based on the parsed comments.
  • Sanitization: There is no evidence of sanitization or validation of the comment content before it is used to generate code fixes.
  • Mitigation: The skill explicitly instructs the agent to "Show the proposed fix to the user and ask for explicit confirmation before applying it," which serves as a significant human-in-the-loop safeguard.
  • [COMMAND_EXECUTION]: The skill executes local system commands using the GitHub CLI (gh) to gather PR information and fetch API data.
  • Evidence: Step 1 uses gh pr view, Step 2 uses gh --version, and Step 3 uses gh api. These are standard operations for interacting with GitHub services.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 07:14 AM