pr-threads-resolve
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of a third-party GitHub CLI extension
agynio/gh-pr-review. This involves downloading and installing executable code from an external repository that is not part of the trusted vendors list. - [COMMAND_EXECUTION]: The skill utilizes potentially dangerous shell piping patterns, such as
jq -r '.threads[].id' | xargs -I {} gh pr-review threads resolve --thread-id {}. This pattern executes multiple subcommands based on data retrieved from an external source (GitHub PR threads). - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by processing Pull Request review comments which are user-controlled external data.
- Ingestion points: Uses
gh pr-review threads listandgh pr-review review viewto fetch thread content and comments from GitHub (SKILL.md). - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the provided CLI examples.
- Capability inventory: The skill can execute shell commands, pipe output to
xargs, and perform write operations to GitHub (resolving threads). - Sanitization: Relies on
jqfor parsing structured JSON, which mitigates some risks, but the resulting IDs are passed directly to shell commands viaxargs.
Audit Metadata