pr-comment-analysis

[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] This skill's stated purpose and capabilities align with extracting and analyzing PR comments. No explicit malware or obfuscated/backdoor code is present in the provided documentation. However, the skill’s design routes PR content and code context to third-party MCP servers (ref.tools, Exa) and requires repository-scoped GitHub tokens; this creates a significant data-exposure risk. If you plan to use this skill, treat the MCP servers and configured npx packages as untrusted remote services: vet them, minimize data sent (redact secrets and sensitive code), use least-privilege tokens, and prefer running analysis in a controlled environment. Overall: functionally appropriate but suspicious from a data-exfiltration / supply-chain perspective without further safeguards. LLM verification: No explicit malware was found in the provided files. The dominant security concerns are privacy and supply-chain: documentation encourages unsafe token handling (backtick echo of $GITHUB_TOKEN), unpinned pip installs, and the design routes PR contents and code snippets to external research/search services (mcp__*). These behaviors can lead to accidental token disclosure and unauthorized exfiltration of proprietary code or review comments if those services are not trusted. Recommended mitigations