resolve-pr-feedback

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE (finding categories: PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted text from GitHub PR comments to drive code changes and sub-agent workflows. A malicious comment could contain instructions intended to bypass safety guidelines or manipulate the repository.
    - Ingestion points: The scripts/get-pr-comments script fetches the body of PR review threads, comments, and reviews from the GitHub API via GraphQL.
    - Boundary markers: There are no explicit delimiters or system instructions used to isolate the untrusted comment content from the agent's logic when delegating tasks to sub-agents (e.g., in Step 4).
    - Capability inventory: The skill possesses extensive capabilities, including file modification, committing code, and pushing to remote branches via git and gh tools.
    - Sanitization: The workflow lacks sanitization or validation of the ingested comment text before it is provided as instruction context to sub-agents.
  • [COMMAND_EXECUTION]: The skill makes extensive use of git and the GitHub CLI (gh) to perform its primary tasks. While these tools are used for their intended purpose, they are invoked via bash scripts with arguments derived from user-supplied data (PR numbers and URLs). The use of parameterized GraphQL queries helps mitigate API-level injection, but the overall execution flow depends on the agent's correct parsing and validation of external identifiers.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 30, 2026, 01:22 AM