resolve-pr-feedback

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION | DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION] (LOW): Vulnerable to Indirect Prompt Injection through GitHub PR comments.
      • Ingestion points: Untrusted data enters the agent context via the gh api graphql call which fetches comment bodies from GitHub (SKILL.md, Step 2).
      • Boundary markers: Absent. The skill does not use specific delimiters or instructions to prevent the agent from obeying commands embedded within the fetched PR comments.
      • Capability inventory: The skill has the capability to modify local source code files, stage changes, and execute git commit and gh pr checkout (SKILL.md, Step 3c and Step 1).
      • Sanitization: There is no technical sanitization of the comment body. The skill relies solely on the LLM's 'Objective Value' evaluation (Step 3b), which can be bypassed by sophisticated adversarial instructions disguised as valid technical feedback (e.g., a 'security fix' that actually introduces a backdoor).
  • [COMMAND_EXECUTION] (SAFE): The skill executes gh and git commands. These are limited to standard repository management (checkout, api, commit) and do not involve shell piping or execution of downloaded scripts.
  • [DATA_EXFILTRATION] (SAFE): The skill reads local code and PR metadata. This data is processed internally to generate commits and is only transmitted to GitHub's official API via the authenticated gh CLI tool, which is consistent with the skill's stated purpose.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 20, 2026, 01:15 AM