pr-fix

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it ingests and processes untrusted data from external sources.
    • Ingestion points: Phase 2 uses gh api to retrieve the bodies of PR comments and reviews from GitHub, which are then processed by the agent.
    • Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when processing comment text.
    • Capability inventory: The skill possesses the Edit tool for file modifications and the Bash tool for shell command execution, as well as the ability to git push changes.
    • Sanitization: While no technical sanitization is mentioned, the skill implements a mandatory human-in-the-loop 'Show Fix Plan' gate (Phase 3) that requires explicit user confirmation before any modifications or commands are executed, significantly reducing the risk of autonomous malicious action.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 05:28 PM