address-github-comments
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized operations were detected. The skill uses standard GitHub CLI (
gh) commands to perform legitimate PR management tasks. - [PROMPT_INJECTION]: The skill has an inherent attack surface for indirect prompt injection as it is designed to ingest and act upon untrusted data from GitHub comments.
- Ingestion points: GitHub Pull Request comments are read into the agent context via
gh pr view --commentsinSKILL.md. - Boundary markers: Absent; the instructions do not define delimiters or specific safety warnings to prevent the agent from obeying instructions embedded within comments.
- Capability inventory: The agent has the capability to write to the filesystem ('Apply code changes') and perform network operations via
gh pr commentas specified inSKILL.md. - Sanitization: Absent; there is no logic described to validate or sanitize the external comment data before it is processed by the agent.
Audit Metadata