resolve-review
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes GitHub PR comments to guide code modifications and verification steps.
- Ingestion points: PR comments and review summaries are fetched via GitHub CLI tools in SKILL.md and REFERENCE.md.
- Boundary markers: The skill uses reasoning-based safeguards like 'State your understanding' but lacks programmatic delimiters for untrusted data.
- Capability inventory: The skill has extensive capabilities including file system access, Git push operations, GitHub API write access, and execution of local test suites.
- Sanitization: No explicit validation or structural escaping is performed on the content of the review comments before processing.
Audit Metadata