pr-comments-address

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE (findings: COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: Uses the gh (GitHub CLI) tool to perform operations such as gh pr view to fetch pull request metadata and gh api to post comment replies. These commands are intrinsic to the skill's stated purpose of automating GitHub workflows.
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection through the ingestion of external GitHub PR comments. Maliciously crafted review comments could attempt to override the agent's instructions during the triage or fixing phases.
  • Ingestion points: Untrusted data is ingested from GitHub review comments and threads via the gh pr view command in SKILL.md (Step 2).
  • Boundary markers: The workflow does not implement specific delimiters or "ignore" instructions to encapsulate the external comment data during processing.
  • Capability inventory: The skill has the capability to modify local source files (Step 6) and write data to the GitHub API (Step 9), as defined in SKILL.md.
  • Sanitization: The skill implements strong sanitization via mandatory human-in-the-loop (HITL) checkpoints. The user must explicitly confirm the triage plan (Step 4), the proposed code modifications (Step 5), and the drafted replies (Step 8) before any high-privilege actions are executed.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 07:53 PM