Skills
skills/tobihagemann/turbo/resolve-pr-comments/Gen Agent Trust Hub

resolve-pr-comments

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local shell script scripts/fetch-pr-data.sh to retrieve pull request data. This script utilizes the GitHub CLI (gh) to perform GraphQL queries and handle pagination for reviews, threads, and commits.\n- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface due to the ingestion and processing of untrusted external content.\n
  • Ingestion points: Review comments, review bodies, and commit messages are fetched from GitHub via the fetch-pr-data.sh script (Step 1).\n
  • Boundary markers: The instructions do not define clear delimiters or use specialized prompts to isolate the untrusted PR content from the agent's logic.\n
  • Capability inventory: The skill orchestrates the /resolve-findings skill (Step 7) which modifies the codebase and the /reply-to-pr-threads skill (Step 10) which posts messages back to GitHub.\n
  • Sanitization: There is no evidence of sanitization, filtering, or validation of the ingested text before it is used to influence the agent's actions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 05:23 PM