resolve-pr-threads
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted Pull Request comments which can contain malicious instructions.
- Ingestion points: Fetches review threads and inline comments from the PR environment as specified in Step 1.
- Boundary markers: No delimiters or safety instructions are used to distinguish comment data from system commands.
- Capability inventory: The agent can write/modify code files, run shell commands for testing, and execute git commits.
- Sanitization: No content filtering or validation is performed on the ingested comments before they are processed by the LLM.
- [COMMAND_EXECUTION]: The skill performs automated shell-based operations including Test-Driven Development (TDD) cycles and git operations (commit) triggered by PR comment content.
Audit Metadata