code-reviewer

Fail

Audited by Gen Agent Trust Hub on Feb 12, 2026

Risk Level: CRITICAL (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION)
Full Analysis

================================================================================

🔴 VERDICT: CRITICAL

This skill instructs the agent to download and execute arbitrary code from external, unverified sources. Specifically, it uses gh pr checkout to download code from a GitHub Pull Request and then runs npm install and various npm run commands (build, test, lint, format:check).

  • gh pr checkout <PR_NUMBER>: This command downloads the code from a specified Pull Request. The content of a PR is user-generated and cannot be trusted. Executing this command places unverified external code into the agent's workspace.
  • npm install: While npmjs.com is a trusted registry, the packages themselves are user-submitted. npm install can execute arbitrary postinstall scripts defined within these packages. This is a known vector for supply chain attacks.
  • npm run build, npm run test, npm run lint, npm run format:check: These commands execute scripts defined in the package.json of the downloaded or local project. These scripts can contain any shell command, leading to arbitrary command execution. A malicious actor could craft a PR or a local change with package.json scripts designed to exfiltrate data, establish persistence, or escalate privileges.

The combination of downloading unverified code and then executing arbitrary scripts from within that code constitutes a critical security vulnerability, allowing for complete compromise of the agent's execution environment.

Total Findings: 5

🔴 CRITICAL Findings:

  • Arbitrary Command Execution from Unverified Sources (Line 23: gh pr checkout <PR_NUMBER>)
  • Arbitrary Command Execution from Unverified Sources (Line 26: npm install)
  • Arbitrary Command Execution from Unverified Sources (Line 27: npm run build)
  • Arbitrary Command Execution from Unverified Sources (Line 28: npm run test)
  • Arbitrary Command Execution from Unverified Sources (Line 29: npm run lint)
  • Arbitrary Command Execution from Unverified Sources (Line 30: npm run format:check)

ℹ️ TRUSTED SOURCE References:

  • GitHub CLI (gh pr checkout), Line 23: While GitHub is a trusted platform, the content of a Pull Request is user-generated and untrusted. The execution of gh pr checkout followed by npm run commands on this untrusted content is the critical vulnerability.
  • npm registry (npm install), Line 26: While npmjs.com is a trusted registry, the packages hosted there are user-submitted and can contain malicious postinstall scripts. The execution of npm install on unverified project code is a critical vulnerability.

================================================================================

Recommendations
  • AI detected serious security threats

Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 12, 2026, 03:10 PM