Skills
skills/sadiksaifi/skills/pr-resolve/Gen Agent Trust Hub

pr-resolve

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by processing untrusted data from GitHub PR comments and reviews.
  • Ingestion points: In SKILL.md (Step 1), the agent fetches PR details, review bodies, and inline comments using gh pr view and gh api calls.
  • Boundary markers: Absent. The skill does not implement delimiters or safety instructions to prevent the agent from following commands embedded within the fetched PR feedback.
  • Capability inventory: The skill utilizes shell execution via bash for gh and git operations, including git push and repository mutations via the GraphQL API. It also has full file-system access for codebase exploration and modification.
  • Sanitization: Absent. The skill parses review bodies and thread content directly to identify actionable feedback without sanitizing the text for potential injection patterns.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 09:42 PM