Gen Agent Trust Hub audit: skills/dnyoussef/ai-chrome-extension/when-reviewing-pull-request-orchestrate-comprehensive-code-review
Skill: when-reviewing-pull-request-orchestrate-comprehensive-code-review
Result: Fail
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The shell scripts provided in SKILL.md are vulnerable to command injection. The variable PR_ID and the derived PR_NUMBER are used in unquoted shell expansions such as 'echo $PR_ID' and 'gh pr view ${PR_NUMBER}'. This allows an attacker who can control the input string to execute arbitrary shell commands by including metacharacters like semicolons.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It ingests untrusted data including pull request titles and descriptions via 'gh pr view' (Ingestion points) without using boundary markers to isolate the content. The skill has the capability to edit, review, and merge pull requests (Capability inventory: 'gh pr edit', 'gh pr review', 'gh pr merge'). There is no evidence of sanitization or validation of the ingested content before it is used by the agents to synthesize findings and make merge decisions (Sanitization).
- [REMOTE_CODE_EXECUTION]: The workflow relies on 'npx claude-flow' to orchestrate agents, which downloads and executes code from the NPM registry at runtime. As the package originates from an unverified source, this represents an unverifiable remote code execution risk.
Recommendations
- AI detected serious security threats