qodo-pr-resolver
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes system commands including git and git provider CLI tools (gh, glab, bb, az) to retrieve PR data, manage comments, and commit code changes.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes external data (PR/MR comments) and treats the contained 'agent prompts' as direct instructions for modifying the codebase. 1. Ingestion points: Review comments are fetched from GitHub, GitLab, Bitbucket, or Azure DevOps as described in SKILL.md (Step 3). 2. Boundary markers: There are no explicit delimiters or instructions to ignore nested commands within the fetched comments. 3. Capability inventory: The skill has the ability to modify local files using the Edit tool and push changes to remote repositories using git push (Steps 6, 7, and 9). 4. Sanitization: The skill does not perform content validation or sanitization on the external instructions retrieved from the Qodo bot comments.
- [DATA_EXFILTRATION]: The skill transmits code fix summaries and replies to well-known git hosting platforms (GitHub, GitLab, Bitbucket, and Azure DevOps) using their respective official CLI tools.
Audit Metadata