vibers-code-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly requires commit messages to include "test credentials if login is required" (and gives an example username/password), which forces the agent to include secret values verbatim in outputs and thus creates an exfiltration risk.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). These are not direct executable download links, but the workflow instructs you to add an unknown GitHub collaborator and install an unvetted GitHub Action (marsiandeployer/vibers-action) and to send repo/spec data to an external service (vibers.onout.org) — actions that can enable arbitrary code execution, supply-chain compromise, or data exfiltration, so the set is a meaningful security risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This skill explicitly instructs granting an external collaborator and installing a third‑party GitHub Action that "sends us the commit details", and it encourages including test credentials in commit messages — patterns that enable intentional data exfiltration, credential leakage, and supply‑chain/backdoor code injection if the external actor or action is malicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Quick Start requires a publicly accessible spec_url (e.g., Google Doc/Notion) and the workflow explicitly states "We read your spec and review changed files" (What Happens After Setup), meaning the service fetches and interprets arbitrary third-party user-generated docs which can directly change its code-fixing actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The workflow pulls and runs the external GitHub Action marsiandeployer/vibers-action@v1 (fetched/executed at runtime) and that action is configured to read the runtime spec at https://docs.google.com/document/d/YOUR_SPEC_ID/edit which directly controls review instructions—so remote code/content will influence agent behavior.