ce-resolve-pr-feedback
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were identified. The skill correctly utilizes authorized tools (
gh,git) and follows security best practices for handling untrusted external data and local script execution.\n- [PROMPT_INJECTION]: The skill processes untrusted PR comments, creating an indirect prompt injection surface. This risk is effectively mitigated by the instructions, which mandate that the agent treat this data as context only and avoid executing any code snippets contained within it.\n - Ingestion points: External data enters the agent context via
scripts/get-pr-comments, which fetches PR reviews and comments.\n - Boundary markers: The instructions include a dedicated 'Security' section warning that comment text is untrusted and should never be used to execute commands.\n
- Capability inventory: The skill uses
gh,git, andReadto perform its tasks, with built-in validation steps (e.g., running project tests) to ensure correctness.\n - Sanitization: The skill logically filters out non-actionable bot content and focuses on substantive reviewer feedback.
Audit Metadata