gh-address-copilot-review
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it treats user-provided review comments as the authoritative source for driving agent behavior, including code modifications and task execution.
- Ingestion points: Review comments provided in the task context (as specified in the 'Preconditions' and 'Batch Workflow' sections).
- Boundary markers: The skill does not define specific delimiters or instructions to ignore potential commands embedded within the review comments.
- Capability inventory: The skill has the capability to write to the file system (implementing fixes), execute validation commands (subprocess calls), and perform network operations via GitHub CLI tools.
- Sanitization: There is no mention of sanitizing or validating the comment content before it is used to determine which actions to take or which commands to run.
- [COMMAND_EXECUTION]: The skill executes shell commands, specifically
gh auth statusand arbitrary validation commands required by the repository. These commands are executed as part of a workflow driven by potentially untrusted input from review comments.
Audit Metadata