handle-pr-feedback

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Uses GitHub CLI (gh) and Git (git) to retrieve PR data, checkout branches, and push code modifications.
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection via pull request review comments. The skill ingests untrusted data from gh pr view and GitHub APIs, then treats the content as instructions for code changes.
      ◦ Ingestion points: Commands gh pr view <number> --comments, gh api repos/{owner}/{repo}/pulls/<number>/reviews, and gh api repos/{owner}/{repo}/pulls/<number>/comments in SKILL.md ingest external text.
      ◦ Boundary markers: None provided; the agent is not instructed to disregard potential commands or malicious instructions within the comments.
      ◦ Capability inventory: Includes git push, file system modification (making requested changes), and execution of local tests.
      ◦ Sanitization: No validation or sanitization is performed on the ingested comment text before it is used to guide code tasks.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 21, 2026, 02:38 AM