github-code-review

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The content includes an unsafe webhook handler that directly shells unsanitized PR comment content (execSync with event.comment.body), plus extension points (custom-agent registration, auto-fix/auto-merge workflows running with repo tokens) that together enable remote command execution, covert backdoor activity, and potential secret/exfiltration abuse if an attacker controls PR comments or registers malicious agents.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and acts on untrusted, user-generated GitHub PR content (e.g., gh pr view / gh pr diff / PR bodies/files) and webhook comment bodies — see the SKILL.md examples and the webhook-handler.js that execSyncs event.comment.body — allowing third‑party text to influence agent actions and command execution.