Skills
skills/udecode/better-convex/resolve-pr-parallel/Gen Agent Trust Hub

resolve-pr-parallel

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it ingests untrusted data from external sources and uses it to drive agent behavior and code implementation.\n
  • Ingestion points: The scripts/get-pr-comments script retrieves Pull Request comment bodies directly from the GitHub GraphQL API.\n
  • Boundary markers: Absent. The workflow and instructions do not utilize delimiters or specific instructions to treat the retrieved comment content as untrusted data rather than direct instructions.\n
  • Capability inventory: The skill has broad capabilities via allowed-tools (Bash with gh and git commands) and the ability to spawn sub-agents, which can be leveraged to modify the codebase, commit changes, and push to remote repositories based on instructions found in the comments.\n
  • Sanitization: Absent. The PR comment bodies are processed and passed to the resolver agents without any validation, filtering, or escaping.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 30, 2026, 01:21 AM