review-work

Warn

Audited by Socket on Jun 23, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The skill’s broad review purpose mostly matches its repo/QA capabilities, but the Context Miner materially expands scope into Slack/Notion/GitHub discussions and creates an indirect prompt-injection risk by mixing untrusted external content with agents that can execute commands and inspect local state. Not malware, but it is a medium-risk skill that should be used only with tightly scoped permissions and careful isolation of external-content-processing lanes.

Confidence: 84%Severity: 67%
Audit Metadata
Analyzed At
Jun 23, 2026, 11:37 AM
Package URL
pkg:socket/skills-sh/code-yeongyu%2Flazycodex%2Freview-work%2F@e39d3169504a1ec9a2378450133d79d41289bc3fb438b61089679368bb0c95c3
Security Audit — socket — review-work