skills/satone7/skills/github-pr-fixer/Gen Agent Trust Hub

github-pr-fixer

Fail

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill automatically installs a third-party GitHub CLI extension agynio/gh-pr-review from an external source during its prerequisite check.
  • [REMOTE_CODE_EXECUTION]: By installing and subsequently executing the gh-pr-review extension, the skill runs unverified code from a non-standard repository on the user's system.
  • [COMMAND_EXECUTION]: The skill executes auto-detected commands from local project files (e.g., package.json, Makefile, pyproject.toml) during the verification phase, including npm run lint, pytest, and golangci-lint, which can lead to the execution of malicious scripts if the project files are compromised.
  • [PROMPT_INJECTION]: The skill is highly vulnerable to Indirect Prompt Injection (Category 8):
      • Ingestion points: Fetches untrusted data from GitHub PR discussion comments and inline review comments via gh api (SKILL.md).
      • Boundary markers: None identified. The instructions do not define delimiters or provide warnings to the agent about ignoring embedded instructions in the comments.
      • Capability inventory: Includes file modification (Edit tool), local command execution (npm, pytest, gh), and network operations (git push, gh api) across all phases.
      • Sanitization: None. The skill directly analyzes and acts upon the content of the fetched comments to implement code changes.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 8, 2026, 08:51 AM