github-code-review

Fail

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The file references/reference.md contains a Node.js webhook handler example (webhook-handler.js) that uses execSync to run shell commands. It incorporates the event.comment.body directly into the command string without any sanitization or validation. This allows a malicious user to execute arbitrary commands by crafting a pull request comment (e.g., using shell metacharacters like ;, |, or `).
  • [EXTERNAL_DOWNLOADS]: The skill depends on npx ruv-swarm to perform its core functions. This pattern downloads and executes code from the npm registry at runtime. While these appear to be associated with the skill's authoring organization (ruvnet), they are third-party dependencies executed without version pinning or hash verification in the provided examples.
  • [REMOTE_CODE_EXECUTION]: The skill facilitates remote code execution via two vectors: the command injection vulnerability in the webhook example and the register-agent feature, which dynamically loads and executes local JavaScript files as custom agents.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from GitHub pull requests.
  • Ingestion points: Pull request diffs, titles, bodies, and comments are fetched via gh pr view and gh pr diff and passed to AI agents.
  • Boundary markers: No delimiters or safety instructions are used in the prompt construction examples to distinguish between system instructions and PR content.
  • Capability inventory: The agents have the capability to merge PRs, request changes, and execute shell commands through the swarm orchestration tool.
  • Sanitization: The skill lacks input validation or sanitization for external content before it is processed by the agents.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 14, 2026, 06:40 AM
Security Audit — agent-trust-hub — github-code-review