address-feedback
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and executes logic based on Pull Request comments provided by external users or automated bots.\n
- Ingestion points: Pull Request comments and review threads fetched via
gh apiand GraphQL.\n - Boundary markers: No delimiters or instructions are provided to the agent to treat external comment text as untrusted data or to ignore embedded instructions.\n
- Capability inventory: The skill has the capability to modify the local filesystem (making code changes) and perform write operations to the repository via the GitHub API (replying to comments and resolving threads).\n
- Sanitization: There is no evidence of sanitization, filtering, or validation of the comment content before it is used to guide the agent's code modifications.
Audit Metadata