resolve-bot-reviews
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE COMMAND_EXECUTION DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to interact with the local environment and the GitHub API. This includes using gh api graphql for data retrieval and mutation, as well as git commands (add, commit, push) for version control operations.
- [DATA_EXFILTRATION]: The skill reads repository content and pull request data to identify necessary fixes. While these operations are directed towards the official GitHub API and the user's configured remote, they represent a path for data movement from the local environment to an external service.
- [INDIRECT_PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes content from external pull request comments to drive automated code modifications.
  - Ingestion points: External pull request comments are fetched via the reviewThreads GraphQL query in SKILL.md (Phase 1b).
  - Boundary markers: Absent. The instructions do not specify any delimiters or safety warnings to prevent the agent from obeying instructions embedded within the fetched comment text.
  - Capability inventory: The agent possesses full file system read/write access, the ability to execute shell commands (git, gh), and the ability to push changes to remote repositories.
  - Sanitization: Absent. The skill instructs the agent to "Apply the bot's suggested fix" or "Rewrite the flagged pattern" based on the content of the comments without explicit sanitization or validation of the suggested code changes against security policies.
Audit Metadata