Skills
skills/frankxai/arcanea/github-code-review/Gen Agent Trust Hub

github-code-review

Fail

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The provided webhook-handler.js example contains a command injection vulnerability. It takes user-controlled input from GitHub PR comments (event.comment.body) and passes it directly to execSync without sanitization or escaping. An attacker could execute arbitrary shell commands on the host by crafting a malicious PR comment.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from GitHub pull requests (titles, bodies, and diffs) to drive agent behavior.
  • Ingestion points: Pull request data is fetched in SKILL.md using gh pr view and gh pr diff commands.
  • Boundary markers: No delimiters or instructions to ignore embedded commands are used when passing PR data to the agents.
  • Capability inventory: The skill performs subprocess calls via the GitHub CLI, including posting comments, requesting changes, and potentially merging code.
  • Sanitization: There is no evidence of sanitization, validation, or escaping of the external PR content before it is processed by the AI agents.
  • [EXTERNAL_DOWNLOADS]: Fetches and executes the ruv-swarm package via npx and utilizes the official GitHub CLI for repository interactions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 28, 2026, 10:51 AM