resolve-agent-reviews
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads and executes the
agent-reviewsCLI tool using package managers likenpx,pnpm, oryarn. This tool is authored by the skill's creator (pbakaus) and serves as the primary interface for fetching PR metadata and comments. - [COMMAND_EXECUTION]: Uses standard Git commands (
git add,git commit,git push) to modify the codebase and synchronize changes with the remote repository. These operations are essential for the skill's core functionality of fixing PR findings. - [PROMPT_INJECTION]: Presents a surface for indirect prompt injection (Category 8) as it processes and acts upon external data in the form of PR comments. A malicious comment could attempt to influence the agent's evaluation process or code generation.
- Ingestion points: Bot comments are fetched from GitHub PRs via the
agent-reviewsCLI tool. - Boundary markers: The instructions rely on the LLM to evaluate the comments against the code without specific structural delimiters.
- Capability inventory: The agent can write to the filesystem and push code to the remote repository.
- Sanitization: The skill employs a mitigation strategy by instructing the agent to evaluate findings as "True Positive" or "False Positive" and explicitly requires user intervention if the evaluation is "Uncertain".
Audit Metadata