pr-review-comments

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFE · PROMPT_INJECTION · COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/post_pr_comments.py uses subprocess.run to execute the GitHub CLI (gh) for repository detection and API interactions. It properly passes arguments as a list, which avoids shell interpretation and mitigates common command injection vulnerabilities.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it ingests data from an external JSON file and interpolates its content into GitHub Pull Request comments without sanitization or boundary markers.
      • Ingestion points: The --json file read and parsed by scripts/post_pr_comments.py.
      • Boundary markers: None; the script does not wrap untrusted content in delimiters or include instructions to the model to ignore embedded commands.
      • Capability inventory: The script possesses the capability to write data to GitHub (creating reviews and comments) via the gh api tool in scripts/post_pr_comments.py.
      • Sanitization: None; values for body, summary, and failure_scenario are extracted directly from the JSON and posted as-is.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 22, 2026, 04:23 PM