vp-pr-comment-resolver

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted input from GitHub Pull Request comments, which creates a surface for indirect prompt injection attacks.
      • Ingestion points: Untrusted data enters the agent's context through GraphQL queries fetching review threads and PR comments in SKILL.md and references/workflow.md.
      • Boundary markers: The skill includes explicit instructions for "Critical Thinking Before Action" and "Verify Before Acting" to prevent the agent from blindly following instructions embedded in comments.
      • Capability inventory: The agent has capabilities to read and modify local files, perform git operations (add, commit, push), and use the gh CLI to interact with the GitHub API (reply to comments, resolve threads).
      • Sanitization: There is no programmatic sanitization of the comment body; the skill relies on instructional safeguards for the agent to technically validate suggestions before acting.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 11:53 AM