pr-address-comments
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- Shell Command Construction: The utility script
fetch-pr-info.jsutilizes shell commands to interact with the local git environment and the GitHub CLI. It interpolates the branch name directly into command strings to fetch pull request data. This is a common pattern for developer-oriented tools, though it involves executing commands derived from local repository metadata. - Processing of External Content: The skill processes pull request comments and diffs, which are considered untrusted data as they can be authored by external parties.
- Ingestion Points: Untrusted data enters the agent context via the GitHub API and CLI results in
scripts/fetch-pr-info.js. - Boundary Markers: The script organizes the data with clear labels, though it does not use specific delimiters to isolate external comment text from instructions.
- Capability Inventory: The script performs read operations and provides the agent with information needed to summarize and understand code changes.
- Sanitization: The content of the comments is retrieved and displayed without specific sanitization or escaping.
- Security Consideration: This creates a surface for indirect prompt injection, where feedback or instructions embedded within pull request comments could potentially influence the agent's summary or analysis.
- Access to Authentication Metadata: The script retrieves and logs the output of
gh auth status -a. This provides the agent with information regarding the user's GitHub authentication state and permissions, which is necessary to verify that the tool has the required access to perform its functions.
Audit Metadata