review-and-submit

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This skill explicitly automates autonomous code edits and PR merges without user confirmation, uses --admin merges and force-pushes (bypassing branch protections and CI checks), and thus creates a high-risk capability for unauthorized code injection and supply-chain/backdoor insertion.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill autonomously fetches and interprets user-generated GitHub content (e.g., via "gh pr checks", "gh pr view", and "gh run view --log-failed" in the required workflow) — CI logs, PR metadata, and run outputs are untrusted third‑party content that the agent reads and uses to decide fixes and merges, enabling indirect prompt injection.