gh-address-comments

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The Python script scripts/fetch_comments.py executes the GitHub CLI (gh) via subprocess.run to interact with the GitHub GraphQL API and retrieve pull request information.
  • [COMMAND_EXECUTION]: The instructions in SKILL.md explicitly request the platform to use sandbox_permissions=require_escalated and elevated network access to enable the gh tool to function, which constitutes a request for higher execution privileges.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external sources (GitHub PR comments).
  • Ingestion points: Pull request comments, review bodies, and review thread content are fetched by scripts/fetch_comments.py and provided to the agent.
  • Boundary markers: The skill does not define clear delimiters around the fetched GitHub data, nor does it instruct the agent to ignore commands embedded in that data.
  • Capability inventory: The agent can execute local scripts and is tasked with applying fixes to the codebase based on the fetched comments, granting it write access to the repository.
  • Sanitization: No filtering or sanitization is performed on the comment text before it is presented to the agent for action.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 03:02 PM
Security Audit — agent-trust-hub — gh-address-comments