Skills
NYC
skills/smithery/ai/gh-address-comments/Gen Agent Trust Hub

gh-address-comments

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • Privilege Escalation (HIGH): The skill explicitly instructs the agent to run commands with "elevated network access" and "escalated permissions." Specifically, it suggests using sandbox_permissions=require_escalated if blocked by security controls, which is a direct attempt to bypass environment restrictions.
  • Indirect Prompt Injection (LOW): The skill is designed to read and process external, untrusted content from GitHub PR comments, which could contain malicious instructions.
  • Ingestion points: scripts/fetch_comments.py (reads PR comments via GitHub API).
  • Boundary markers: None mentioned; instructions are treated as tasks to "Apply fixes."
  • Capability inventory: gh CLI execution and local file modification/fix application.
  • Sanitization: No evidence of sanitization or escaping of comment content before the agent interprets it to generate fixes.
  • Command Execution (MEDIUM): The skill relies on executing the gh CLI and a local Python script (fetch_comments.py) to interact with the system and remote repositories.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:46 PM