resolve-pr-comments
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its ingestion of untrusted data from GitHub pull request comments.
  - Ingestion points: The skill fetches comment bodies directly from the GitHub GraphQL API, as seen in SKILL.md.
  - Boundary markers: The prompt instructions do not provide explicit delimiters or clear directives to the model to ignore embedded instructions within the fetched comments.
  - Capability inventory: The agent possesses the capability to modify local files (via the /evaluate-findings skill) and commit those changes to the repository (via the /stage-commit skill), which could be exploited through malicious comment content.
  - Sanitization: The skill does not implement any visible sanitization, filtering, or validation of the fetched comment text before it is processed by subsequent skills.