gh-address-comments
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs shell command execution to facilitate development workflows. The
scripts/fetch_comments.pyscript usessubprocess.runto execute GitHub CLI (gh) commands. Furthermore,SKILL.mdinstructs the agent to run project-specific build and test commands (such asnpm,yarn,make, orxcodebuild) and standard Git commands for staging and committing code.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted text from GitHub PR comments and review threads to determine which code changes to apply.\n - Ingestion points: External comments and reviews are fetched using GraphQL via
scripts/fetch_comments.pyand presented to the agent.\n - Boundary markers: Absent. The skill does not use specific delimiters or instructions to isolate external comment content from the agent's core instructions.\n
- Capability inventory: The agent can modify local source code, execute arbitrary build/test scripts, and push changes to the remote repository.\n
- Sanitization: There is no automated filtering of the fetched text; however, the skill mitigates risk by requiring the user to manually select which comments to address before the agent takes action.
Audit Metadata