pr-comment-analyzer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Prompt Injection (SAFE): No instructions found that attempt to bypass safety guidelines or override agent behavior.
  • Data Exposure & Exfiltration (SAFE): No hardcoded credentials or sensitive file paths were detected. The skill uses the GitHub CLI to interact with GitHub, which is a trusted and expected behavior for this use case.
  • Obfuscation (SAFE): No base64, zero-width characters, or other encoding techniques were found in the analyzed files.
  • Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not download or execute remote scripts. It relies on locally installed tools like gh and jq.
  • Privilege Escalation (SAFE): No commands like sudo or chmod are used to escalate permissions.
  • Persistence Mechanisms (SAFE): No attempts to modify system startup or shell profiles were detected.
  • Metadata Poisoning (SAFE): Skill metadata is descriptive and matches the actual functionality.
  • Indirect Prompt Injection (LOW): The skill is susceptible to indirect prompt injection because it processes untrusted data from GitHub PR comments.
      • Ingestion points: The body of PR comments and review threads fetched via the GitHub API.
      • Boundary markers: None present. The documentation does not suggest using delimiters or specific warnings to ignore instructions inside comments.
      • Capability inventory: The skill uses gh api to fetch data and shell scripts for pagination/retries. No code-writing or file-writing capabilities were identified in the provided files.
      • Sanitization: No sanitization or escaping of the comment body is mentioned before analysis.
  • Time-Delayed / Conditional Attacks (SAFE): No logic was found that triggers actions based on time or specific environment conditions.
  • Dynamic Execution (SAFE): The skill does not generate or compile code at runtime.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:21 PM