Skills
skills/qodo-ai/qodo-skills/qodo-pr-resolver/Gen Agent Trust Hub

qodo-pr-resolver

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill reads sensitive credentials from ~/.qodo/config.json, including GERRIT_HTTP_PASSWORD, BB_APP_PASSWORD, and AZURE_DEVOPS_EXT_PAT. This is used for authenticating with git provider APIs.
  • [COMMAND_EXECUTION]: The skill makes extensive use of system commands including git (for branch management and commits), curl (for API interactions), and provider CLIs like gh, glab, and az.
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download a commit-msg hook from a user-configured Gerrit server URL and set it as executable.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its core functionality of following "agent prompts" from PR comments.
  • Ingestion points: Fetches untrusted comment data via provider APIs (e.g., gh api, glab mr view, Bitbucket/Gerrit REST endpoints).
  • Boundary markers: No delimiters or isolation instructions are provided to distinguish between the intended Qodo agent prompt and potentially malicious injected content in comments.
  • Capability inventory: The agent has full access to modify files using the Edit tool, commit changes to the repository, and perform network operations.
  • Sanitization: The skill lacks validation or sanitization mechanisms to ensure the instructions in the comment body are legitimate and safe before they are followed.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 14, 2026, 07:31 PM