autofix
Pass
Audited by Gen Agent Trust Hub on Jul 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill demonstrates high security awareness regarding indirect prompt injection (Category 8). It explicitly labels PR comments as 'untrusted input' and provides a 'Security Rules' section that instructs the agent to ignore any malicious instructions embedded in the comments.
- [SAFE]: Data protection is built into the workflow. The instructions explicitly forbid the agent from reading sensitive files like secrets, tokens, dotfiles, or home directory contents, even if requested by a review comment.
- [SAFE]: The modification scope is strictly controlled. The agent is instructed to limit changes to the PR diff and to avoid extending fixes to sensitive areas like CI/CD, authentication, or infrastructure unless they were already part of the PR's changes.
- [SAFE]: Command execution is handled securely. The skill prohibits interpolating comment text directly into shell commands, mitigating risks of shell injection. It also uses a 'best-effort' validation step (running tests/lint/build) to ensure generated code doesn't break the codebase.
Audit Metadata