address-pr-comments-omo

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted PR comments and passing them to a subagent prompt without sanitization.
    • Ingestion points: PR comment bodies are fetched from the GitHub API in Step 1 (SKILL.md).
    • Boundary markers: The prompt for the hephaestus subagent uses labels like COMMENT:, but does not include explicit instructions to ignore potential commands embedded within the fetched text.
    • Capability inventory: The skill is capable of modifying the local filesystem, performing git commits and pushes, and making POST requests to the GitHub API. The subagent can also perform code changes.
    • Sanitization: No evidence of input validation or sanitization exists for the comment body before it is interpolated into the task prompt.
  • [COMMAND_EXECUTION]: The skill executes shell commands using gh and git tools. These operations are performed using repository and PR metadata retrieved at runtime.
  • [EXTERNAL_DOWNLOADS]: The skill documentation references a requirement for the oh-my-opencode repository on GitHub for its operations.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 03:18 AM