Skills
skills/skinnyandbald/fish-skills/pr-resolution/Gen Agent Trust Hub

pr-resolution

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill processes untrusted PR comments which could contain instructions to bypass logic or manipulate agent behavior.
  • Ingestion points: bin/get-pr-comments and bin/parse-coderabbit-review fetch user and bot comments from GitHub.
  • Boundary markers: Absent; comments are ingested directly into the resolution workflow.
  • Capability inventory: The agent has permissions for git commit, gh api mutations (resolving threads), and npm run script execution.
  • Sanitization: Absent; fetched data is treated as instructional context for parallel agents.
  • [Unverifiable Dependencies & Remote Code Execution] (LOW): The skill recommends installing 'gtg' via pip install, a third-party dependency from a non-whitelisted organization.
  • [Dynamic Execution] (LOW): The verification phase executes npm run commands (lint, test, build) from the repository being reviewed. This executes arbitrary code defined in the repository's package.json, which is intended for its function but represents an inherent risk.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 18, 2026, 07:44 PM