address-pr-comments

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE
Finding: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from Pull Request comments.
  • Ingestion points: External data enters the agent context through gh api calls in Step 3, which retrieve both review comments and general conversation comments.
  • Boundary markers: The skill uses markdown blockquotes to delimit external comment content when presenting it to the user, providing some visual separation.
  • Capability inventory: The skill has broad capabilities, including modifying the local filesystem via git, interacting with the GitHub API, and spawning/orchestrating subagents via the Task tool.
  • Sanitization: There are no explicit instructions for the agent to sanitize the ingested text or ignore potential instructions embedded within the comments.
  • Contextual Mitigation: The instructions include critical human-in-the-loop checkpoints. The agent must obtain explicit user approval for the proposed fixes in Step 5 and for the final implemented changes in Step 8 before proceeding to commit or reply.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 12, 2026, 11:04 PM