get-pr-comments

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The SKILL.md instructions define workflows where the agent executes shell commands (e.g., gh api and python3) using a <PR_NUMBER> placeholder derived from user arguments. If the agent does not enforce strict integer validation, an attacker could supply input containing shell metacharacters (e.g., 123; whoami) to execute unauthorized commands.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it fetches content from external, untrusted sources (GitHub comments) and relays it to the agent context.
  • Ingestion points: Pull request comments, review bodies, and inline feedback retrieved via scripts/fetch_pr_comments.py.
  • Boundary markers: Absent. The instructions explicitly tell the agent to 'present as-is' and 'do not reformat', which increases the likelihood of the agent obeying instructions embedded within the fetched comments.
  • Capability inventory: The agent is granted access to Bash (allowing execution of gh and python3), Read, and Grep tools.
  • Sanitization: No filtering or sanitization of the fetched comment data is performed before it is presented to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 05:31 PM