pr-comments-address

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data from GitHub PR comments and project-level rules files which could contain malicious instructions.
    • Ingestion points: External content is fetched via 'gh pr view' (comments) and local file reads (CLAUDE.md/rules).
    • Boundary markers: Instructions do not use delimiters or provide warnings to ignore embedded instructions in external data.
    • Capability inventory: The skill has the ability to write to the file system and perform authenticated GitHub API writes.
    • Sanitization: No programmatic sanitization or validation of comment content is performed.
  • [SAFE]: The skill explicitly includes mandatory human-in-the-loop (HITL) checkpoints in Step 4, Step 5, and Step 8, requiring explicit user approval before the agent modifies files or posts replies to GitHub.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 09:04 PM