qe-github-code-review

Fail

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill's example webhook handler (webhook-handler.js) uses execSync to run shell commands built from unvalidated strings taken from Pull Request comments. An attacker can use shell metacharacters (e.g., ;, &, |) in a PR comment starting with /swarm to execute arbitrary commands on the host system.
  • [REMOTE_CODE_EXECUTION]: This vulnerability enables remote code execution through the processing of untrusted external data. Evidence Chain for Category 8 logic:
      1. Ingestion points: event.comment.body in webhook-handler.js.
      2. Boundary markers: Absent; the code only checks for a prefix but does not sanitize the remainder of the payload.
      3. Capability inventory: Spawning subprocesses via execSync with access to gh CLI and potentially sensitive environment variables like GITHUB_TOKEN.
      4. Sanitization: Completely absent.
  • [EXTERNAL_DOWNLOADS]: The skill relies extensively on npx to download and execute the ruv-swarm package at runtime. This package is an external dependency from an unverified source, introducing a supply chain risk.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 27, 2026, 06:09 PM