vibe-review-code

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). The URL points to a GitHub repository (oraios/serena@v0.1.4) which may contain arbitrary executable code from an unvetted/unknown author and the skill explicitly instructs downloading/executing it—downloading and running code from such a source without review is high risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and analyze external, user-generated content—e.g., "Use gh pr diff to fetch the source of truth for changes" and starting Serena via uvx --from git+https://github.com/oraios/serena@v0.1.4—and requires interpreting those results to make review decisions, so untrusted third-party content can influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly runs remote code at runtime via the command "uvx --from git+https://github.com/oraios/serena@v0.1.4 serena start-mcp-server", which fetches and executes code from GitHub as part of its required Serena impact analysis step.