review-pr

Warn

Audited by Socket on Feb 22, 2026

1 alert found:

Security: MEDIUM
File: SKILL.md

[Skill Scanner] Skill instructions include directives to hide actions from user

All findings:
- [HIGH] autonomy_abuse: Skill instructions include directives to hide actions from user (BH009) [AITech 13.3]
- [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
- [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

BENIGN. The fragment describes a coherent, responsible maintainer automation workflow for PR review within a public repository. It leverages standard tooling, adheres to a maintainer-centric process, and does not reveal dangerous data flows, credential collection, or suspicious install/download behavior. While it enables powerful actions (merge main, push fixes, post verdicts), these actions align with the stated purpose of a maintainer bot when run with proper permissions.

LLM verification: This skill's stated purpose (automated maintainer-style PR review and small fixes) aligns with the capabilities it requests, but its operational footprint is broad and risky for automated execution. Key risks: it mandates executing tests/build tooling from untrusted PR code (supply-chain execution), requires write/push permissions to contributor branches or repo (privilege escalation), and includes instructions to hide review activity with a marker. These behaviors are disproportionate for an au

Confidence: 75%
Severity: 75%
Audit Metadata
Analyzed At
Feb 22, 2026, 02:28 PM
Package URL
pkg:socket/skills-sh/alpinejs%2Falpine%2Freview-pr%2F@1c9bce8dc09063460b3148b91f3b977369f57750