address-pr-comments
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface detected. The skill processes external data (PR comments) and acts on instructions or code blocks within them.\n
- Ingestion points: Fetches untrusted comment data from GitHub PRs via the REST API (SKILL.md, Step 4).\n
- Boundary markers: Absent. The skill does not implement delimiters or system-level instructions to ignore embedded commands in the fetched data.\n
- Capability inventory: The agent can modify the local filesystem, perform
git commit,git push, and execute GitHub API mutations (replies, thread resolution) based on the input.\n - Sanitization: Absent. Suggested code blocks are parsed and applied to the codebase without validation beyond an optional syntax check.\n- [COMMAND_EXECUTION]: Executes shell commands including
gitandghto manage the repository and interact with GitHub services as part of its primary function.\n- [EXTERNAL_DOWNLOADS]: Downloads PR metadata and comment content from the GitHub API, which is considered a well-known and trusted source for this workflow.
Audit Metadata