fix-pr-issues

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it ingests untrusted data from GitHub PR comments, reviews, and the PR body (e.g., the BM_BOSSBOT_SUMMARY block). An attacker with access to comment on the PR could embed malicious instructions.
  • Ingestion points: SKILL.md (Gather step 2: PR comments, review summaries, inline comments, and the PR body summary).
  • Boundary markers: Absent. There are no instructions to the agent to treat external content as data only or to ignore embedded instructions.
  • Capability inventory: The agent can read and edit any file in the repository, commit changes (git commit -s), and push to the remote branch.
  • Sanitization: Absent. The skill does not implement any validation or filtering of the feedback content before processing it.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 02:32 PM
Security Audit — agent-trust-hub — fix-pr-issues