gh-address-comments

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill possesses an attack surface for indirect injection by processing untrusted data from GitHub.
  • Ingestion points: scripts/fetch_comments.py fetches the body of PR comments and review threads.
  • Boundary markers: Absent. The skill instructions do not provide delimiters or warnings to ignore instructions embedded in the comments.
  • Capability inventory: The skill is instructed to "Apply fixes" based on these comments, which implies code modification and file system access via the agent.
  • Sanitization: None. The agent processes fetched text directly to determine required code changes.
  • Privilege Escalation (LOW): The SKILL.md file explicitly requests sandbox_permissions=require_escalated and "elevated network access." While these are requested to facilitate gh CLI authentication, they increase the potential impact if the agent is compromised via indirect injection.
  • Command Execution (SAFE): The scripts/fetch_comments.py script executes the gh CLI using subprocess.run with arguments passed as a list. This is a secure implementation that prevents shell injection vulnerabilities.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 04:47 PM