forge-address-pr-feedback

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection via Review Comments.
    • Ingestion points: The skill retrieves review thread bodies and comments from the GitHub API using gh api graphql in SKILL.md.
    • Boundary markers: No delimiters or safety instructions are provided to help the agent distinguish between legitimate feedback and malicious instructions within the comments.
    • Capability inventory: The agent is authorized to use Edit, Write, and Bash tools, allowing it to modify source code, run arbitrary checks, and push changes to the repository.
    • Sanitization: There is no logic to sanitize or validate the content of the comments before the agent interprets them to perform actions.
  • [COMMAND_EXECUTION]: Shell Command Interpolation.
    • The skill constructs shell commands by interpolating variables like <PR_NUMBER>, <OWNER>, and <REPO> directly into gh and git command strings. If these variables are sourced from untrusted data (e.g., a maliciously crafted branch name or PR metadata), it could lead to command injection vulnerabilities.
Audit Metadata
Risk Level: SAFE
Analyzed: May 4, 2026, 11:36 AM