gh-address-comments

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/fetch_comments.py uses the subprocess module to run GitHub CLI (gh) commands that fetch pull request metadata, reviews, and conversation threads.
  • [COMMAND_EXECUTION]: The instructions in SKILL.md direct the agent to request escalated permissions (require_escalated) in its execution environment if sandboxing blocks the GitHub CLI authentication check.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted content from GitHub PR comments and is tasked with applying code fixes based on that content.
  • Ingestion points: PR comments, review bodies, and inline thread comments are fetched from GitHub and provided to the agent context via scripts/fetch_comments.py.
  • Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the fetched comment content as untrusted data or to ignore embedded instructions.
  • Capability inventory: The agent is authorized to modify the local codebase to "apply fixes" as directed by the instructions in SKILL.md.
  • Sanitization: The skill does not perform any validation, filtering, or sanitization of the text retrieved from the GitHub API before presenting it to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 10:49 PM