gh-address-comments
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes Python scripts (`fetch_comments.py`, `mark_resolved.py`) that perform shell command execution by calling the GitHub CLI (`gh`) via the `subprocess.run` function. These commands are used to interact with the GitHub GraphQL API to fetch pull request data and resolve review threads as part of the skill's primary functionality.
- [PROMPT_INJECTION]: The skill processes external, untrusted data in the form of GitHub pull request comments, which could contain instructions designed to influence agent behavior.
  - Ingestion points: Untrusted comment data enters the agent context through the output of `scripts/fetch_comments.py`, which is then processed to create task checklists and summaries.
  - Boundary markers: The workflow documentation in `SKILL.md` does not specify the use of delimiters or system-level instructions to ignore embedded commands within the fetched comment content.
  - Capability inventory: The agent possesses file system modification capabilities (`Edit`, `Write`) and the ability to execute repository-level commands (`Commit`, `gh` API calls) which could be targeted by injection.
  - Sanitization: There is no evidence of sanitization or filtering of the `body` field of the fetched comments before they are analyzed and presented by the agent.
Audit Metadata