resolve_pr_parallel
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted data from GitHub PR comments which could contain malicious instructions.
- Ingestion points:
bin/get-pr-commentsretrieves comments from external sources. - Boundary markers: Absent; the workflow does not include instructions to isolate or ignore commands embedded within PR comments.
- Capability inventory: The skill can spawn sub-agents (
pr-comment-resolver), execute local scripts (bin/resolve-pr-thread), and push code to remote repositories. - Sanitization: Absent; there is no validation or filtering of the fetched comment content before it is passed to the resolving agents.
- Command Execution (SAFE): The skill executes
ghand local scripts in thebin/directory. These are consistent with the primary purpose of managing GitHub PRs and do not demonstrate privilege escalation or unsafe parameter passing in the provided context.
Audit Metadata