address-pr-comments
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it fetches and follows instructions from untrusted pull request review comments.
- Ingestion points: Pull request comment bodies fetched via
gh apiinSKILL.md. - Boundary markers: None; the skill does not use delimiters or provide instructions to the agent to ignore malicious commands embedded within the comments.
- Capability inventory: The skill has the ability to modify the filesystem, perform
git add,git commit,git push, and interact with the GitHub API to post replies. - Sanitization: There is no evidence of sanitization or validation performed on the comment body before the agent interprets it to implement code fixes.- [COMMAND_EXECUTION]: The skill uses the GitHub CLI (
gh) and Git to perform core functions such as viewing PR data, fetching comments, committing fixes, and pushing changes. These operations are consistent with the skill's stated purpose of managing PR feedback.
Audit Metadata