Skills
skills/pbakaus/agent-reviews/resolve-human-reviews/Gen Agent Trust Hub

resolve-human-reviews

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx, pnpm exec, yarn exec, or bunx to download and execute the agent-reviews package from the NPM registry. This package is a vendor-owned resource authored by pbakaus.
  • [COMMAND_EXECUTION]: The skill invokes several high-privilege commands including git push to upload code changes to a remote repository and git config --global to modify user identity in cloud environments. It also executes the agent-reviews CLI for replying to and resolving PR threads.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8). It is designed to ingest human PR comments and 'Act on Evaluation' by fixing code based on that input.
  • Ingestion points: Human review comments fetched from GitHub via the agent-reviews --expanded command.
  • Boundary markers: Absent. There are no delimiters or specific instructions provided to the agent to treat comment text as untrusted or to ignore embedded instructions.
  • Capability inventory: The agent can modify the local file system, perform git commit, and execute git push to the remote repository.
  • Sanitization: No validation or sanitization of the comment body is performed before the agent attempts to interpret and implement the suggested changes.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 8, 2026, 11:00 AM