pr-review-comment-response

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute gh (GitHub CLI) commands for querying and interacting with pull requests and issues, as well as br and bv commands for project tracking (e.g., br create, br update, gh api graphql).
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads and acts upon the text of GitHub PR comments, which are authored by external users.
      • Ingestion points: PR comment bodies are retrieved via GraphQL queries in SKILL.md (Phase 1).
      • Boundary markers: There are no specified delimiters or instructions to treat comment text as untrusted data within the workflow.
      • Capability inventory: The agent has permissions to edit local files, create GitHub issues/comments, and manage project implementation beads.
      • Sanitization: The skill lacks explicit sanitization or filtering logic for the contents of the processed review threads.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Apr 9, 2026, 07:25 PM