resolve-pr-reviews
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes external, untrusted data in the form of GitHub PR review comments which are used to guide code modifications and command execution.
- Ingestion points: Fetches review thread comments using the `gh api graphql` command in Phase 2.
- Boundary markers: Absent. The instructions do not specify delimiters or explicit warnings to treat the comment text as untrusted data when passing it to the model for classification or implementation.
- Capability inventory: The skill utilizes high-privilege tools including `Bash`, `Edit`, `Write`, and performs `git push` operations.
- Sanitization: Absent. There is no evidence of sanitization or validation of the comment content before it influences file edits or git operations.
- [COMMAND_EXECUTION]: The skill frequently executes shell commands via the `gh` (GitHub CLI) and `git` utilities to manage repository state, fetch data, and push changes. While these are necessary for the skill's stated purpose, they provide a powerful execution environment that could be abused if the AI is successfully injected through a malicious PR comment.
Audit Metadata