skills/wellapp-ai/well/pr-review/Gen Agent Trust Hub

pr-review

Warn

Audited by Gen Agent Trust Hub on Feb 12, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis

================================================================================

🟡 VERDICT: MEDIUM

This skill is designed to automate local development environment checks and code review processes. It executes several shell commands, including npm install and docker compose up -d, which involve downloading and running external code and Docker images. While these are standard development practices, from an 'assume-malicious' posture, any external code not directly auditable by this analysis poses a risk. The skill itself does not exhibit malicious behavior such as data exfiltration, privilege escalation, or persistence mechanisms.

Total Findings: 2

🟡 MEDIUM Findings:

• Unverifiable Dependencies
  • Line 27: npm install
  • The skill instructs the agent to run npm install. This command downloads and executes code from external npm registries. The contents of these packages are not auditable by this analysis, posing a risk if a dependency is compromised or malicious.

• Unverifiable Dependencies
  • Line 42: docker compose up -d
  • The skill instructs the agent to run docker compose up -d. This command pulls and runs Docker images from external registries. The contents of these images are not auditable by this analysis, posing a risk if an image is compromised or malicious.

🔵 LOW Findings:

• Indirect Prompt Injection Risk
  • Line 170: ReadLints
  • The skill processes user-controlled content (changed files) for analysis (e.g., linting, type checking, pattern matching). While the skill's actions are limited to reporting and blocking, there's a general risk that malicious instructions could be embedded in comments or string literals within the processed code. This is an inherent risk for any code analysis tool, but the skill itself does not attempt to execute arbitrary code from these inputs.

================================================================================

Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 12, 2026, 02:19 PM