resolve-reviews

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads and runs the agent-reviews package from the NPM registry using npx, pnpm dlx, yarn dlx, or bunx at runtime.
  • [REMOTE_CODE_EXECUTION]: Executing unversioned packages via npx constitutes remote code execution. The resource agent-reviews is owned by the skill author (pbakaus), representing a vendor-provided tool.
  • [COMMAND_EXECUTION]: The skill requires shell access to perform git operations, including git config --global, git commit, and git push, as well as interacting with the GitHub CLI (gh).
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it ingests and acts upon PR comments from potentially untrusted contributors.
    • Ingestion points: PR comment bodies are fetched in SKILL.md via npx agent-reviews --unanswered --expanded (Phase 1) and npx agent-reviews --detail <id> (Phase 2).
    • Boundary markers: No specific delimiters or 'ignore' instructions are documented when interpolating comment text into the agent's evaluation logic.
    • Capability inventory: The agent can modify the local filesystem, perform git commit, git push, and post replies to GitHub via npx agent-reviews --reply.
    • Sanitization: There is no evidence of sanitization or filtering of comment content before it is processed by the AI.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 07:01 AM