resolve-reviews

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingests untrusted data from GitHub PR comments and is instructed to 'evaluate' and 'act' on this data, which could lead to unauthorized code modifications or command execution if a comment contains malicious instructions.
      • Ingestion points: The skill fetches PR comments (human and bot) in Phase 1, Step 1 via 'npx agent-reviews --unanswered --expanded'.
      • Boundary markers: There are no boundary markers or instructions to the agent to disregard instructions within the comments.
      • Capability inventory: The skill can perform file writes (to fix code), git commits, git pushes, and execute CLI commands.
      • Sanitization: No sanitization or validation of the comment content is performed before the agent evaluates and acts on it.
  • [EXTERNAL_DOWNLOADS]: The skill uses 'npx agent-reviews' to execute a CLI tool. While the tool is owned by the skill's author (pbakaus), it involves downloading and running code from the NPM registry at runtime.
  • [COMMAND_EXECUTION]: The skill executes several shell commands, including 'git' for global configuration, commits, and pushes, and 'npx' for tool execution.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 7, 2026, 07:42 PM