fix-pr-issues
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it ingests untrusted data from GitHub PR comments, reviews, and the PR body (e.g., the BM_BOSSBOT_SUMMARY block). An attacker with access to comment on the PR could embed malicious instructions.
- Ingestion points: SKILL.md (Gather step 2: PR comments, review summaries, inline comments, and the PR body summary).
- Boundary markers: Absent. There are no instructions to the agent to treat external content as data only or to ignore embedded instructions.
- Capability inventory: The agent can read and edit any file in the repository, commit changes (git commit -s), and push to the remote branch.
- Sanitization: Absent. The skill does not implement any validation or filtering of the feedback content before processing it.
Audit Metadata