repo-explorer

Warn

Audited by Socket on Jun 19, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

The skill is coherent with its repo-analysis purpose, but it carries medium risk. Main concerns are shell command construction from user-controlled inputs, indirect prompt injection from untrusted repositories into a nested agent with Bash access, and transmission of local/private code to Anthropic via the CLI.

Confidence: 86%Severity: 58%
Audit Metadata
Analyzed At
Jun 19, 2026, 02:35 PM
Package URL
pkg:socket/skills-sh/CodeAlive-AI%2Fclaude-repo-explorer-skill%2Frepo-explorer%2F@a142a3cef19c4ecab0bb8383cfdac06e086f35ecf650a0eea4f0f871006e5df7
Security Audit — socket — repo-explorer