Skills
skills/mblode/agent-skills/pr-comments/Gen Agent Trust Hub

pr-comments

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted PR comments from external sources (humans and bots) and uses them to guide code-fixing subagents. This presents an indirect prompt injection surface.
  • Ingestion points: SKILL.md and references/github-api.md describe fetching comments via the GitHub API.
  • Boundary markers: SKILL.md uses a template to isolate findings for subagents, though content is derived from external strings.
  • Capability inventory: SKILL.md executes subagents with file-writing capabilities and uses the gh CLI for git operations and thread resolution.
  • Sanitization: No specific sanitization or filtering of comment text is noted prior to subagent interpolation.
  • Mitigation: A mandatory human approval gate is required in Phase 3 before any fixes are executed.
  • [COMMAND_EXECUTION]: Executes gh CLI commands to interact with GitHub PRs and git to commit and push changes.
  • [EXTERNAL_DOWNLOADS]: Fetches data from GitHub, a well-known service, to retrieve pull request comments and review threads.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 16, 2026, 02:02 PM