github-code-review

Fail

Audited by Snyk on Jun 14, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). The cli.github.com manual URL is an official, low-risk documentation page, but the two GitHub repos are third‑party projects under the unknown "ruvnet" account and could host unvetted code or installers (a common malware distribution vector), so treat them as potentially suspicious until you verify stars/forks/release artifacts, view source, check npm/package signatures, and confirm the maintainer's reputation.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The repo contains a webhook handler that directly passes untrusted PR comment and webhook fields into execSync, creating an intentional remote-command-execution vector (command-injection/backdoor risk) that can be abused to run arbitrary system commands and exfiltrate data.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.95). The required runtime workflow fetches PR body/diff via gh pr view ... --json ... ,body and gh pr diff ..., which are outsider-authored GitHub PR content (including free-form text like the PR description) that is then passed into the LLM context via npx ruv-swarm github review-init --pr-data "$PR_DATA" --diff "$PR_DIFF".

Issues (3)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 14, 2026, 06:40 AM
Issues
3
Security Audit — snyk — github-code-review