code-review-ai-ai-review
Audited by Socket on Feb 16, 2026
1 alert found:
Malware [Skill Scanner]: Detected system prompt override attempt

All findings:
- [CRITICAL] prompt_injection: Detected system prompt override attempt (PI004) [AITech 1.1]
- [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
- [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

The code implements a plausible and functional AI-assisted code review pipeline but introduces moderate supply-chain/privacy risk. The greatest concern is exfiltration of sensitive repository contents or discovered secrets via prompts sent to third-party LLMs and retention in CI artifacts or logs. Recommended mitigations: enforce least-privilege tokens (scoped GitHub app tokens), redact or block secrets before including diffs/analysis in prompts, use enterprise/isolated LLM endpoints or on-prem models, add strict schema validation for LLM responses, limit artifact retention and log verbosity, and add sandboxing/timeouts and verification for invoked CLI tools. No evidence of deliberate malware was found in the provided code fragment.

LLM verification: This code fragment describes a legitimate AI-assisted code-review orchestration skill and contains no clear in-line malware or obfuscated payloads. The dominant security concern is operational: the design demonstrates multiple, straightforward paths for sensitive repository data and secrets to be transmitted to external AI services and SaaS scanners if implementers do not add redaction, prompt-sanitization, credential safeguards, and deployment policies. Recommend that implementers add pre-send