when-reviewing-code-comprehensively-use-code-review-assistant

Fail

Audited by Snyk on Jun 26, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The skill instructs running a secret scanner (gitleaks) and saving its findings (security-report.json) into agent memory/post-edit hooks, which can include raw secret values and therefore requires the LLM to handle potentially verbatim secrets.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). The required runtime workflow ingests the PR’s changed source files (and derived reports like eslint-report.json, security-report.json, coverage-summary.json) into the agents’ LLM context for analysis, which is outsider-authored free text from the PR author(s) via the PR diff/files path.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill repeatedly invokes the runtime-installed npm package via "npx claude-flow@alpha" (fetched from the npm registry, e.g. https://www.npmjs.com/package/claude-flow), which will fetch and execute remote code at runtime and is used to control agent hooks/sessions and thus can directly control agent instructions.

Issues (3)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
HIGH
Analyzed
Jun 26, 2026, 03:21 AM
Issues
3
Security Audit — snyk — when-reviewing-code-comprehensively-use-code-review-assistant