Skills
skills/kamranahmedse/diffity/diffity-resolve/Socket

diffity-resolve

Warn

Audited by Socket on Mar 31, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS: the skill’s purpose is coherent, but its actual footprint depends on an insufficiently verified external CLI and gives the agent autonomous ability to modify code and post/resolve review comments based on untrusted review text. The biggest risks are supply-chain trust and indirect prompt injection, not confirmed malware.

Confidence: 88%Severity: 82%
Audit Metadata
Analyzed At
Mar 31, 2026, 11:45 AM
Package URL
pkg:socket/skills-sh/kamranahmedse%2Fdiffity%2Fdiffity-resolve%2F@4b32a9c77d7eecf81f3b64209fd14490a2618064