gh-address-comments

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from GitHub PR comments, which is then used to influence code modifications and replies. An attacker could embed malicious instructions within a comment that the agent might interpret as legitimate requests.
  • Ingestion points: Pull request review comments and issue comments fetched via gh api in SKILL.md.
  • Boundary markers: None present in the workflow to isolate the untrusted comment content from the agent's instructional context.
  • Capability inventory: The agent can propose code fixes, push changes (after approval), and draft replies based on the fetched data.
  • Sanitization: No evidence of filtering, escaping, or validating the content of the comments before they are processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 09:45 AM