address-github-comments
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill uses the GitHub CLI (
gh) to view and post comments. These are intended actions based on the skill description. - [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8) via GitHub comments.
- Ingestion points: Untrusted data is ingested via
gh pr view --commentsinSKILL.md. - Boundary markers: There are no delimiters or 'ignore embedded instructions' markers present to separate comment content from system instructions.
- Capability inventory: The skill allows the agent to modify code and execute
ghcommands. - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from GitHub comments.
Audit Metadata