pr-comment-resolver
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted input from code review comments to drive high-privilege actions like code modification.
- Ingestion points: PR comments and code review feedback (SKILL.md).
- Boundary markers: The skill lacks explicit delimiters or instructions to treat the comment text as data rather than instructions, increasing the risk that the agent might follow malicious commands embedded in the feedback.
- Capability inventory: Based on its purpose, the skill utilizes file-writing capabilities to implement changes. If combined with network tools available to the agent, this creates a path for data exfiltration via malicious comments.
- Sanitization: There is no technical sanitization or validation of the input; the skill relies solely on the LLM's internal reasoning to identify and pause for conflicting or suspicious requests.
Audit Metadata