qodo-pr-resolver

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
Flags: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from external PR/MR comments and uses that data as instructions for the agent.
  • Ingestion points: The skill fetches PR/MR summary and inline comments via provider CLI tools (gh, glab, bb, az) as defined in SKILL.md Step 3.
  • Boundary markers: No explicit boundary markers or 'ignore previous instructions' warnings are provided when the agent processes the external Qodo prompts.
  • Capability inventory: The skill utilizes the Edit tool to modify source files, git for repository operations (commit/push), and provider-specific CLIs for network-based PR interactions (SKILL.md Steps 6, 7, 8).
  • Sanitization: The instructions explicitly direct the agent to 'follow it literally' and 'execute the Qodo agent prompt as a direct instruction' without sanitization or validation of the external content.
  • [COMMAND_EXECUTION]: The skill performs various shell commands using git and provider CLIs (gh, glab, bb, az) to manage branches, pull requests, and comments as detailed in the resources/providers.md documentation.
  • [EXTERNAL_DOWNLOADS]: The skill fetches configuration and review data from well-known technology services and trusted providers, including GitHub, GitLab, Bitbucket, and Azure DevOps (Microsoft).
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 02:35 PM