gh-address-comments
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): Indirect prompt injection surface detected. 1. Ingestion points: Pull request and issue comments retrieved via
gh apicalls in SKILL.md. 2. Boundary markers: Absent; no specific delimiters are used to separate external content from agent instructions. 3. Capability inventory: The skill can modify code and post replies via theghCLI. 4. Sanitization: Absent; the skill summarizes and proposes fixes based directly on external input. - COMMAND_EXECUTION (SAFE): The skill uses official GitHub CLI commands (
gh auth,gh pr view,gh api) to perform intended tasks, which does not constitute unauthorized command execution.
Audit Metadata