pr-issue-resolve

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through external GitHub data.
      • Ingestion points: PR titles, descriptions, and comments are fetched using gh pr view, gh pr comment list, and gh api in SKILL.md and references/commands/pr-issue-resolve.md.
      • Boundary markers: No specific delimiters or safety instructions are provided to the agent to distinguish between task instructions and untrusted data retrieved from the PR.
      • Capability inventory: The agent has the ability to modify project code, run arbitrary build scripts (npm run build, yarn build), and interact with GitHub via gh commands as described in SKILL.md.
      • Sanitization: There is no evidence of sanitization or validation of the content retrieved from GitHub before it is used to plan and execute code changes.
  • [COMMAND_EXECUTION]: The workflow includes executing local build and test commands (npm run build, yarn build) in SKILL.md. This represents a risk if an attacker-controlled PR modifies project configuration files (like package.json) to include malicious commands that the agent then executes during the resolution process.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 01:37 AM