Skills
skills/ilchemla/agent-skills/qodo-pr-resolver/Gen Agent Trust Hub

qodo-pr-resolver

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it parses and executes "Agent Prompts" extracted from GitHub PR comments.
  • Ingestion points: PR comments (general and inline) fetched via gh api (SKILL.md, references/api-reference.md).
  • Boundary markers: No explicit delimiters or instructions to ignore nested prompts are present.
  • Capability inventory: File-write operations for code fixes, command execution (git, gh, npm, pytest), and network access via GitHub API.
  • Sanitization: Employs sed to remove HTML tags but does not validate the semantic content of the extracted instructions (references/api-reference.md).
  • [COMMAND_EXECUTION]: The skill invokes several CLI tools including gh for API interaction, git for version control, and various test runners (npm, pytest, make, ruff, black) to verify code changes.
  • [EXTERNAL_DOWNLOADS]: Fetches PR metadata and discussion threads from the GitHub API, which is a trusted and well-known service. It may also execute dependency installation commands like npm install or pip install if required by the project environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 03:29 PM