pr-comments

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted third-party input from GitHub review comments, which presents a surface for indirect prompt injection attacks where a reviewer could attempt to influence the agent's actions beyond code review.
      • Ingestion points: Fetches review comments via the GitHub API in SKILL.md (Step 2).
      • Boundary markers: Utilizes a human-in-the-loop confirmation mechanism in SKILL.md (Step 6), requiring the user to approve a summary plan before any edits or commits occur.
      • Capability inventory: The skill has the ability to read and modify local source code, execute git commits (Step 9), and perform network operations via the GitHub CLI to post replies and resolve threads (Steps 10-11).
      • Sanitization: Includes a dedicated screening process in SKILL.md (Step 4a) designed to detect and flag instructions directed at the AI agent, encoded content, or requests for unauthorized actions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 16, 2026, 03:20 PM