reply-to-pr-threads
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the official GitHub CLI (
gh api graphql) to interact with the GitHub API. This is the intended and standard way to perform GitHub operations within a developer environment. - [INDIRECT_PROMPT_INJECTION]: The skill ingests data from external sources (GitHub PR comments) to generate replies. It properly addresses this risk by implementing a mandatory confirmation step ('Step 4: Present Drafts and Confirm'), allowing the user to review and approve all generated content before it is posted to a remote server.
- [DATA_EXFILTRATION]: While the skill transmits data to an external service (GitHub), this service is a well-known and trusted platform for the skill's stated purpose. The data transmitted (replies to PR threads) is explicitly reviewed by the user first.
Audit Metadata