review-github-pr
Warn
Audited by Socket on Apr 12, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS: the skill's GitHub access and review-posting behavior fit its stated purpose, and data goes directly to official GitHub tooling. However, it reviews untrusted PR content and then executes repository-influenced commands from `CLAUDE.md`, creating a significant indirect prompt-injection and untrusted-command-execution risk. Not malicious on its face, but risky to run against untrusted repositories or PRs without isolation.
Confidence: 88%Severity: 68%
Audit Metadata