
gh-pilot

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses various command-line tools to interact with the repository and GitHub services.
  • It executes gh pr view, gh api, and gh api graphql to manage pull requests and fetch review data.
  • It uses git add, git commit, and git push to apply and upload code changes based on feedback.
  • It utilizes mktemp and jq for managing temporary files and processing JSON responses.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted comment data from GitHub.
  • Ingestion points: The agent retrieves review thread and comment content via gh api graphql in SKILL.md (Steps 2A and 2G).
  • Boundary markers: No explicit delimiters or instructions are used to separate the untrusted comment content from the agent's core instructions.
  • Capability inventory: The agent has permissions to modify the codebase, commit and push changes, alter PR reviewers, and resolve review threads.
  • Sanitization: The skill lacks mechanisms to sanitize or validate the content of the comments before they are interpreted as actionable instructions by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 09:50 PM