github-code-review

Fail

Audited by Socket on Feb 16, 2026

1 alert found:

Malware (HIGH)
SKILL.md

[Skill Scanner] Installation of third-party script detected

All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

This skill's functionality is coherent with its stated purpose (GitHub multi-agent code review). However, the provided webhook handler example is insecure: it runs unsanitized PR comment content and other event fields directly in execSync shell commands, creating a direct command-injection and remote code execution risk. Combined with npx usage (runtime package execution) and repository-scoped tokens, this design could allow an attacker who can post a PR comment or manipulate dependencies to execute arbitrary code and act on the repository. The file is not itself obviously malicious, but it contains high-risk insecure patterns that make it dangerous to deploy without fixes (command validation, webhook signature verification, and safer execution practices).

LLM verification: The provided README describes legitimate tooling for orchestrating GitHub PR reviews but it instructs users to execute third-party code via npx and to pass potentially sensitive PR data to that code. The document itself contains no explicit malicious code, but the operational pattern introduces a non-trivial supply-chain and data-exfiltration risk. Before using this workflow: audit the ruv-swarm package and its dependencies, pin versions and verify checksums, run in restricted least-privilege en

Confidence: 95%
Severity: 90%
Audit Metadata
Analyzed At: Feb 16, 2026, 01:24 PM
Package URL: pkg:socket/skills-sh/proffesor-for-testing%2Fsentinel-api-testing%2Fgithub-code-review%2F@53de9864819ceb00c9cc744d9e4d81af5ba98900