github-code-review

Fail

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION]: The provided webhook-handler.js integration example interpolates unsanitized input from GitHub issue comments (event.comment.body) into a command string passed to child_process.execSync, which runs that string through a shell. Anyone who can comment on an issue or pull request can therefore include shell metacharacters (;, &&, |, $(...), backticks) in the comment and execute arbitrary commands on the host running the webhook.
  • [REMOTE_CODE_EXECUTION]: The skill relies on npx to run ruv-swarm for its orchestration tasks. While ruv-swarm is a resource associated with the author (ruvnet), npx resolves and downloads the package from the npm registry at run time when it is not already installed, so the code that executes is whatever version the registry serves at that moment rather than a reviewed, pinned artifact.
  • [EXTERNAL_DOWNLOADS]: The skill requires several external dependencies to function: the GitHub CLI (gh), ruv-swarm, and claude-flow.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it feeds untrusted data (pull request diffs and comments) into the prompts that drive the AI agent's behavior. Combined with the capabilities listed below, an instruction embedded in a diff or comment could steer the agent into approving or merging a change the contributor chose.
      • Ingestion points: data enters through gh pr view, gh pr diff, and webhook event bodies.
      • Boundary markers: the command templates contain no delimiters separating the untrusted PR content from the agent's instructions, and no instruction to treat commands embedded in that content as data.
      • Capability inventory: the skill can perform sensitive actions, including posting PR comments, requesting changes, adding labels, and merging code.
      • Sanitization: the provided scripts show no sanitization or validation of the ingested PR content.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 1, 2026, 04:32 PM