pr-comment-fix

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill retrieves untrusted pull request comment bodies from GitHub using the GraphQL API in Step 2. These comments are used as instructions for code modifications in Step 4. Because there are no boundary markers or validation steps to isolate comment text, a malicious user could leave a comment containing instructions designed to hijack the agent's behavior (indirect prompt injection), potentially leading to unauthorized repository changes.
  • [COMMAND_EXECUTION]: In Step 4.4, the skill instructions direct the agent to run project-specific build or lint commands to validate fixes. Executing these local scripts based on the state of a PR branch could lead to arbitrary code execution if the repository configuration files (e.g., package scripts or makefiles) have been tampered with.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 04:53 PM
Security Audit — agent-trust-hub — pr-comment-fix