address-feedback

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and executes logic based on Pull Request comments provided by external users or automated bots.\n
  • Ingestion points: Pull Request comments and review threads fetched via gh api and GraphQL.\n
  • Boundary markers: No delimiters or instructions are provided to the agent to treat external comment text as untrusted data or to ignore embedded instructions.\n
  • Capability inventory: The skill has the capability to modify the local filesystem (making code changes) and perform write operations to the repository via the GitHub API (replying to comments and resolving threads).\n
  • Sanitization: There is no evidence of sanitization, filtering, or validation of the comment content before it is used to guide the agent's code modifications.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 23, 2026, 10:05 PM
Security Audit — agent-trust-hub — address-feedback