fix-review
Fail
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the GitHub CLI (
gh) and Git to fetch data and push changes, and it executesruffandpytestlocally. These commands are executed based on context and parameters derived from external pull request review data. - [REMOTE_CODE_EXECUTION]: The skill follows a workflow where code suggestions extracted from pull request comments are directly applied to the filesystem and subsequently executed during the
pytestverification phase. This effectively allows an external source to dictate code that is executed on the runner. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its ingestion of external instructions. 1. Ingestion points: Pull request review comments fetched via the GitHub API (Step 2 in SKILL.md). 2. Boundary markers: No delimiters or explicit instructions to ignore embedded commands are present in the processing logic for comment bodies. 3. Capability inventory: The skill can modify files, execute code via
pytest, perform linting/formatting withruff, and push code to the repository viagit push. 4. Sanitization: No sanitization, validation, or sandboxing of the suggested code or natural language instructions is performed before they are applied or executed.
Recommendations
- AI detected serious security threats
Audit Metadata