address-reviews
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes review feedback provided by external users which could contain malicious instructions.\n
- Ingestion points: Data is gathered from GitHub PR reviews, inline comments, and conversation comments via
gh apicalls in Step 2.\n - Boundary markers: No specific boundary markers or instructions to ignore embedded commands are present in the skill definition.\n
- Capability inventory: The skill has access to
Bash(forgitandgh),Read,Grep, andGlobtools, and can enter a planning mode to modify source code.\n - Sanitization: The skill does not perform sanitization or validation of the fetched comment content before processing it to create an actionable plan.\n- [COMMAND_EXECUTION]: The skill executes
gitandghcommands to retrieve repository metadata and PR details. While restricted to a specific allowed-tools list, these commands represent the primary interface for data retrieval and the execution surface.
Audit Metadata