address-github-comments
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill identifies and processes external GitHub comments, creating a surface for indirect prompt injection where an attacker could embed instructions in a PR comment.
- Ingestion points: Comments are ingested via
gh pr view --commentsin SKILL.md. - Boundary markers: Absent. The skill provides no instructions to the agent to treat external comment text as untrusted data or to ignore embedded instructions.
- Capability inventory: The agent is expected to 'Apply Fixes' and 'Respond to Comments', implying capabilities for file system modification and further network interaction.
- Sanitization: Absent. The workflow does not specify any sanitization, validation, or filtering of the comment content before the agent acts upon it.
Audit Metadata