qodo-pr-resolver
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
- Ingestion points: Fetches PR/MR comments and specific 'agent prompts' from external git providers (GitHub, GitLab, Bitbucket, Azure DevOps, and Gerrit) in Step 3.
- Boundary markers: No delimiters or 'ignore' instructions are used to separate untrusted comment data from agent instructions.
- Capability inventory: The agent can modify local code using the
EditandWritetools and execute a variety of shell commands via Git and provider-specific CLI tools. - Sanitization: The instructions explicitly direct the agent to follow external 'agent prompts' literally without reinterpretation, creating a risk if an attacker provides malicious instructions in a PR comment.
- [COMMAND_EXECUTION]: Extensively uses shell commands for Git operations and provider interactions (
gh,glab,az,curl). It also utilizes a polling loop within the platform's Monitor tool to wait for review completion. - [EXTERNAL_DOWNLOADS]: Downloads the standard Gerrit
commit-msghook from the user-configured Gerrit instance URL.
Audit Metadata