Skills
skills/zenobi-us/dotfiles/github-pr-comment-analyzer/Gen Agent Trust Hub

github-pr-comment-analyzer

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from GitHub PR comments and incorporates it into analysis reports.
  • Ingestion points: Comment bodies are fetched via GraphQL queries using the GitHub CLI in 'SKILL.md' (Step 1.2) and 'references/github_api_reference.md'.
  • Boundary markers: The skill uses markdown blockquotes ('>') to delimit comment content in the generated report (Step 4.2), which provides minimal isolation for the untrusted content.
  • Capability inventory: The skill executes local shell commands using the 'gh' CLI and performs file write operations to save reports.
  • Sanitization: There is no explicit sanitization or escaping of the ingested comment text before it is processed or written to the final markdown report.
  • [COMMAND_EXECUTION]: The skill relies on the GitHub CLI ('gh') to interact with the GitHub API.
  • Evidence: Multiple instances of 'gh pr view', 'gh api graphql', and 'gh pr checks' are used across 'SKILL.md' and the reference documentation.
  • Context: These commands are used for their intended purpose of gathering pull request metadata and comments for analysis.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 06:36 PM