pr-fix-loop
Warn
Audited by Socket on Jun 24, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS: the core purpose aligns with the capabilities, and the only explicit external tool is official GitHub CLI, so there is no strong malware or credential-harvesting signal in the provided text. However, the skill enables autonomous code changes, pushes, and GitHub write actions based on untrusted PR/CI/comment content, and a referenced command file was not provided, leaving meaningful operational risk and incomplete verifiability.
Confidence: 85%Severity: 64%
Audit Metadata