Skills
skills/mgratzer/forge/forge-address-pr-feedback/Gen Agent Trust Hub

forge-address-pr-feedback

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it ingests and processes pull request review comments which are controlled by external users.
  • Ingestion points: Pull request review thread comments fetched via gh api graphql (SKILL.md, Step 1).
  • Boundary markers: Absent. The instructions do not define delimiters or provide warnings to ignore instructions embedded within the comments.
  • Capability inventory: The skill has the ability to modify local files (Edit, Write), execute shell commands (Bash), commit changes, and push code to remote repositories (SKILL.md, Step 3 and Step 5).
  • Sanitization: Absent. The skill does not implement filtering, escaping, or validation on the fetched comment bodies before they are used to guide the agent's actions.
  • [COMMAND_EXECUTION]: The skill uses the GitHub CLI (gh) and git to perform its primary tasks.
  • Executes gh api graphql to fetch and reply to review threads.
  • Executes git commit and git push to manage code changes.
  • Executes gh issue create to document follow-up work.
  • These commands are standard for the skill's purpose and use the local environment's authenticated identity.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 16, 2026, 10:50 AM