github-code-review
Fail
Audited by Snyk on Jun 14, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). The cli.github.com manual URL is an official, low-risk documentation page, but the two GitHub repos are third‑party projects under the unknown "ruvnet" account and could host unvetted code or installers (a common malware distribution vector), so treat them as potentially suspicious until you verify stars/forks/release artifacts, view source, check npm/package signatures, and confirm the maintainer's reputation.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). The repo contains a webhook handler that directly passes untrusted PR comment and webhook fields into execSync, creating an intentional remote-command-execution vector (command-injection/backdoor risk) that can be abused to run arbitrary system commands and exfiltrate data.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.95). The required runtime workflow fetches PR body/diff via
gh pr view ... --json ... ,bodyandgh pr diff ..., which are outsider-authored GitHub PR content (including free-form text like the PR description) that is then passed into the LLM context vianpx ruv-swarm github review-init --pr-data "$PR_DATA" --diff "$PR_DIFF".
Issues (3)
E005
CRITICALSuspicious download URL detected in skill instructions.
E006
CRITICALMalicious code pattern detected in skill scripts.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata