vp-pr-review-followup

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION

Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted input from GitHub PR comments, review threads, and commit messages, which presents an indirect prompt injection surface.
    ◦ Ingestion points: In references/workflow.md, the skill uses gh api graphql to fetch reviewThreads (opener and latest comments), prComments, and PR commits. SKILL.md directs the agent to read and evaluate these comments.
    ◦ Boundary markers: Absent. No specific boundary markers or instructions to treat PR content as untrusted or to use delimiters are provided in the instructions.
    ◦ Capability inventory: The skill has write capabilities to the repository, including adding comments and resolving threads via gh api graphql. Furthermore, SKILL.md and workflow.md suggest running "targeted tests" or "reproduction commands" on the PR branch as part of the verification process.
    ◦ Sanitization: Absent. The agent is instructed to use evidence from the PR content (e.g., quoting excerpts) without explicit sanitization or escaping guidelines.
  • [COMMAND_EXECUTION]: The skill relies on shell command execution for its primary functions and verification steps.
    ◦ Evidence: references/workflow.md specifies numerous gh CLI commands for fetching and updating PR data. SKILL.md instructs the agent to "Run targeted tests or reproduction commands when the claim depends on behavior," which involves executing code found within the PR branch being reviewed.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 8, 2026, 11:53 AM
Security Audit — agent-trust-hub — vp-pr-review-followup