gh-address-comments

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs shell command execution to facilitate development workflows. The scripts/fetch_comments.py script uses subprocess.run to execute GitHub CLI (gh) commands. Furthermore, SKILL.md instructs the agent to run project-specific build and test commands (such as npm, yarn, make, or xcodebuild) and standard Git commands for staging and committing code.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted text from GitHub PR comments and review threads to determine which code changes to apply.\n
  • Ingestion points: External comments and reviews are fetched using GraphQL via scripts/fetch_comments.py and presented to the agent.\n
  • Boundary markers: Absent. The skill does not use specific delimiters or instructions to isolate external comment content from the agent's core instructions.\n
  • Capability inventory: The agent can modify local source code, execute arbitrary build/test scripts, and push changes to the remote repository.\n
  • Sanitization: There is no automated filtering of the fetched text; however, the skill mitigates risk by requiring the user to manually select which comments to address before the agent takes action.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 10:53 PM
Security Audit — agent-trust-hub — gh-address-comments