github
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill's primary function is to analyze and summarize PR comments, which are untrusted external inputs.
- Ingestion points: Review comments are fetched via GraphQL queries defined in
pr-comment-analyzer/references/github_api_reference.md. - Boundary markers: The documentation does not specify the use of delimiters or 'ignore' instructions to isolate untrusted comment data from the agent's core instructions.
- Capability inventory: The agent has the capability to update PR descriptions using
gh api(PATCH) as described inpr-descriptions/SKILL.md. - Sanitization: No sanitization or content validation steps are outlined for the ingested comment text.
- Command Execution (SAFE): The skill correctly uses the GitHub CLI (
gh) and provides safe shell patterns, such as single-quoted heredocs (<<'EOF') inpr-descriptions/SKILL.md, to prevent unintended shell expansion or injection when updating PR descriptions.
Audit Metadata