NYC

gh-address-comments

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • Privilege Escalation (HIGH): The skill explicitly requests 'require_escalated' sandbox permissions and 'workflow/repo' scopes for the GitHub CLI, which are high-privilege credentials that could be abused.
  • Indirect Prompt Injection (HIGH): The skill ingests untrusted content from GitHub comments via fetch_comments.py and is instructed to 'Apply fixes' based on that content without any boundary markers or validation, allowing attackers to inject instructions via comments.
  • Command Execution (MEDIUM): The skill performs automated repository modifications and CLI commands based on external input, which can be manipulated if the input contains malicious instructions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 08:40 AM