pr-comment-resolver
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill operates by ingesting feedback from Pull Request comments, which constitutes an attack surface for indirect prompt injection where malicious instructions could be embedded in the feedback.
  - Ingestion points: External data is retrieved from GitHub via `gh pr view` and the GitHub API as described in SKILL.md.
  - Boundary markers: The skill does not define explicit delimiters or instructions to the agent to disregard commands found within the external comment text.
  - Capability inventory: The agent is granted `Bash`, `Write`, and `Edit` permissions in the skill configuration (SKILL.md), enabling it to modify the repository and run scripts based on findings.
  - Sanitization: There is no evidence of content sanitization or validation performed on the feedback before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill uses the `Bash` tool to interact with the GitHub CLI and execute local development commands such as `pytest` and `npm test`. These operations are standard for the skill's workflow but provide the execution context that could be targeted by an injection attack.
Audit Metadata