resolve-fixed-pr-comments
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
ghCLI andgitcommands to perform read-only operations such as viewing PR status and inspecting file content. - [EXTERNAL_DOWNLOADS]: Includes a fallback mechanism using
curlto fetch information from public GitHub repositories when CLI or MCP tools are unavailable. - [PROMPT_INJECTION]: The skill processes untrusted PR comments, which creates a potential surface for indirect prompt injection.
- Ingestion points: PR review comments and thread descriptions are ingested from GitHub (SKILL.md).
- Boundary markers: The instructions include strict guidelines that define the only permitted write action as resolving a thread, effectively instructing the agent to ignore any executable instructions within the comments (SKILL.md).
- Capability inventory: The skill is strictly limited to resolving PR threads; it is expressly forbidden from modifying code, creating files, or performing mutating git operations like push or commit (SKILL.md).
- Sanitization: Verification is based on matching the current code state to human/bot requirements rather than executing or interpolating comment text as commands.
Audit Metadata