cmd-fix-pr-review
Fail
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION]: The instruction to 'Run autonomously without approval checkpoints' explicitly directs the agent to bypass human-in-the-loop safety measures, allowing it to perform sensitive operations like pushing code without verification.
- [COMMAND_EXECUTION]: The skill utilizes git commands and the GitHub CLI (gh) to manipulate the codebase, create worktrees, and modify remote branches based on instructions derived from external PR comments.
- [DATA_EXFILTRATION]: The skill has a high risk of indirect prompt injection due to its handling of untrusted data from review comments.
  - Ingestion points: Pull request comments and review threads are fetched via 'gh pr view' and 'gh api' in 'SKILL.md'.
  - Boundary markers: Absent. There are no instructions provided to separate user-provided comments from the agent's core operational logic.
  - Capability inventory: The skill has the ability to write to files, commit changes, and push to remote repositories as defined in 'SKILL.md'.
  - Sanitization: Absent. The skill automatically applies changes described in PR comments without validation or filtering.
Recommendations
- AI detected serious security threats