pr-review-loop

Warn

Audited by Socket on Mar 27, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS. The skill is purpose-aligned and uses official GitHub tooling/endpoints, so it does not look like credential theft or malware. However, it gives an AI agent autonomous ability to modify code, push commits, post PR comments, and resolve threads while processing untrusted reviewer content, creating medium-to-high operational and prompt-injection risk.

Confidence: 89%
Severity: 68%
Audit Metadata
Analyzed At
Mar 27, 2026, 06:20 PM
Package URL
pkg:socket/skills-sh/xpepper%2Fpr-review-agent-skill%2Fpr-review-loop%2F@e6facb6d2c276afa0b8ca2dcad40399d5c9605f0