review-pr-comments

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements a workflow that ingests untrusted data from GitHub PR comments and review threads, which can lead to Indirect Prompt Injection. An attacker with access to the PR could post comments containing malicious instructions that the agent might execute.
      • Ingestion points: Comments are fetched using gh pr view --json comments and gh api calls to the pulls/comments and reviewThreads endpoints in SKILL.md sections 2.2 and 2.3.
      • Boundary markers: The instructions lack boundary markers or specific guidance for the agent to separate instructions from the fetched comment data.
      • Capability inventory: The skill grants the agent the ability to perform git commit, git push, and use gh api for mutations (POST/GraphQL) to reply to comments and resolve threads.
      • Sanitization: There is no evidence of input validation or sanitization for the fetched comment content before processing.
  • [COMMAND_EXECUTION]: The skill explicitly uses shell commands including gh (GitHub CLI) and git to interact with the repository and GitHub API, which is the primary method of operation.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 05:51 PM