resolve-human-reviews

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE · PROMPT_INJECTION · EXTERNAL_DOWNLOADS · COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interprets human PR comments as instructions for code modifications.
      • Ingestion points: Reviewer comments retrieved via the npx agent-reviews --expanded command in Step 1.
      • Boundary markers: None. The instructions lack specific delimiters or guardrails to prevent the agent from obeying malicious instructions embedded within a reviewer's comment.
      • Capability inventory: The agent has the authority to perform file system writes (to fix code) and execute git push to update the remote repository.
      • Sanitization: No sanitization, escaping, or validation of the comment content is performed before the agent processes it for code generation.
  • [EXTERNAL_DOWNLOADS]: The skill uses npx, pnpm dlx, yarn dlx, and bunx to download and execute the agent-reviews package at runtime. This package is managed by the skill's author, aligning with standard vendor functionality, but it involves execution of unversioned code from a remote registry.
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands to manage the development workflow, including git config to modify global user settings, git commit, and git push to transmit local changes to a remote server.
Audit Metadata
  Risk Level: SAFE
  Analyzed: May 5, 2026, 02:46 PM