qodo-pr-resolver

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
  • Ingestion points: Fetches PR/MR comments and specific 'agent prompts' from external git providers (GitHub, GitLab, Bitbucket, Azure DevOps, and Gerrit) in Step 3.
  • Boundary markers: No delimiters or 'ignore' instructions are used to separate untrusted comment data from agent instructions.
  • Capability inventory: The agent can modify local code using the Edit and Write tools and execute a variety of shell commands via Git and provider-specific CLI tools.
  • Sanitization: The instructions explicitly direct the agent to follow external 'agent prompts' literally without reinterpretation, creating a risk if an attacker provides malicious instructions in a PR comment.
  • [COMMAND_EXECUTION]: Extensively uses shell commands for Git operations and provider interactions (gh, glab, az, curl). It also utilizes a polling loop within the platform's Monitor tool to wait for review completion.
  • [EXTERNAL_DOWNLOADS]: Downloads the standard Gerrit commit-msg hook from the user-configured Gerrit instance URL.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 11:43 AM
Security Audit — agent-trust-hub — qodo-pr-resolver