Skills
skills/gentleman-programming/gentle-ai/comment-writer/Gen Agent Trust Hub

comment-writer

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill instructions define a specific persona and formatting rules for developer collaboration. No malicious patterns, obfuscation, or bypass attempts were detected.
  • [COMMAND_EXECUTION]: Includes a reference to gh pr view, which is a legitimate tool for inspecting Pull Request metadata. The command is scoped to specific non-sensitive fields such as title and body.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes untrusted data from Pull Requests.
  • Ingestion points: Pull Request title and body are fetched via the gh pr view command in SKILL.md.
  • Boundary markers: Absent; the skill does not explicitly instruct the agent to ignore instructions embedded within the fetched PR content.
  • Capability inventory: Uses the GitHub CLI (gh) for read operations.
  • Sanitization: Absent; the content is processed directly for comment generation.
Audit Metadata
Risk Level
SAFE
Analyzed
May 10, 2026, 05:54 AM