address-review
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted data from GitHub PR comments and using it to guide code modifications.\n- Ingestion points: In
SKILL.md, the skill usesgh api graphqlto fetch content fromreviewThreadsandreviewson GitHub.\n- Boundary markers: The instructions lack delimiters or system-level warnings to distinguish between legitimate code review feedback and malicious instructions embedded in comments.\n- Capability inventory: The skill employs theBash,Edit, andWritetools, and can performgit pushoperations, providing a significant impact path for injected instructions.\n- Sanitization: There is no evidence of content validation or sanitization of the fetched review comments before they are processed by the agent to implement fixes.
Audit Metadata