pr-address-feedback
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from GitHub PR comments and review threads which are then processed by the agent to plan and apply code changes.
- Ingestion points: SKILL.md (Step 1) fetches review threads and comments using gh api commands.
- Boundary markers: Absent. The instructions do not define delimiters or specific instructions to ignore embedded commands within the fetched external comment bodies.
- Capability inventory: SKILL.md contains instructions for git add, git commit, and git push (Steps 4 and 5) as well as gh api for posting replies and resolving threads (Step 6).
- Sanitization: Absent. No sanitization or validation of the fetched comment content is performed before the agent generates the fix plan.
- [COMMAND_EXECUTION]: The skill relies on the gh (GitHub) and git CLI tools to manage the repository state. It executes commands to view PRs, fetch comments from GraphQL and REST APIs, create new issues, commit code changes, and push updates to remote branches.
Audit Metadata