resolve-pr-comments

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
      • Ingestion points: Untrusted data enters the agent context through GitHub PR review comments fetched in SKILL.md via the gh api graphql query.
      • Boundary markers: No explicit delimiters (like XML tags or triple quotes) or 'ignore embedded instructions' warnings are used when the agent processes the fetched comment bodies.
      • Capability inventory: The agent uses an 'Edit tool' to modify the codebase and executes gh api commands to post comments and resolve threads on GitHub.
      • Sanitization: The skill lacks validation or sanitization of the comment content, relying on the agent to manually determine if a suggestion 'makes sense' before acting.
  • [COMMAND_EXECUTION]: The skill executes several gh api commands to query the GitHub GraphQL API and post updates to pull request threads.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 02:21 AM