skills/lebsral/dspy-programming-not-prompting-lms-skills/ai-request-skill/Socket

ai-request-skill

Warn

Audited by Socket on May 13, 2026

1 alert found:

Security

SecuritySKILL.md

MEDIUM

SecurityMEDIUM

SKILL.md

SUSPICIOUS: the core purpose is coherent, but the skill combines transitive skill installation with mandatory autonomous GitHub write actions. The main risk is not malware or credential theft; it is delegated third-party influence plus public PR/issue creation without clear per-action approval.

Confidence: 89%Severity: 79%

Audit Metadata

Analyzed At

May 13, 2026, 06:47 PM

Package URL

pkg:socket/skills-sh/lebsral%2Fdspy-programming-not-prompting-lms-skills%2Fai-request-skill%2F@80cf2145b13305c67b07adf95fcac963105f1e32