Skills
skills/tmaru-eng/strategy-bricks/resolve-ai-pr-reviews/Gen Agent Trust Hub

resolve-ai-pr-reviews

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the GitHub CLI (gh) and bash scripting to automate PR management.
  • It executes gh api calls for REST and GraphQL queries to fetch metadata and modify thread status.
  • It uses bash control flow (for-loops) to process and resolve multiple review threads sequentially.
  • [EXTERNAL_DOWNLOADS]: The skill fetches data from the GitHub API, which is a well-known and trusted service.
  • It retrieves pull request comments and issue comments for analysis.
  • It queries GraphQL nodes to identify unresolved review threads.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface (Category 8) as it processes data from external sources.
  • Ingestion points: The agent fetches PR comments authored by 'coderabbitai' and 'gemini' using the GitHub API in SKILL.md.
  • Boundary markers: Absent. There are no explicit markers or instructions to the agent to treat the fetched comment bodies as untrusted data or to ignore instructions embedded within them.
  • Capability inventory: The skill's workflow includes high-capability actions such as implementing code changes, running tests/linting commands, and performing write operations via the GitHub API (resolving threads and posting new comments).
  • Sanitization: Absent. The agent is instructed to use the bot feedback directly to guide its code fixes without validation or sanitization of the input text.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 9, 2026, 10:08 AM