resolving-github-pull-request-reviews
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it fetches and processes untrusted GitHub PR comments to perform code modifications.
  - Ingestion points: Review comments and threads are fetched via GraphQL in SKILL.md.
  - Boundary markers: No delimiters or sanitization logic are present; the skill is explicitly instructed to process EVERY unresolved thread.
  - Capability inventory: The skill has permissions to modify local files, commit changes, push to remote repositories, and execute local scripts.
  - Sanitization: There is no validation or human-in-the-loop verification before applying external code suggestions.
- [COMMAND_EXECUTION]: The skill executes various shell commands and project-specific scripts that could lead to arbitrary code execution.
  - Evidence: The workflow includes running npm run lint, npm test, and npm run build (SKILL.md, Step 3.2), which may execute malicious code if the target repository or the applied PR suggestions are compromised.
Audit Metadata