forge-address-pr-feedback

Warn

Audited by Socket on May 4, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS: The skill is purpose-aligned for addressing GitHub PR feedback and uses official GitHub APIs with no suspicious installer or credential-forwarding behavior. The main risk is that it gives an agent autonomous ability to modify code, push commits, and publicly reply to reviewer comments while processing untrusted PR text, making it high-impact if misused or prompt-injected.

Confidence: 91%
Severity: 68%

Audit Metadata

Analyzed At: May 4, 2026, 11:37 AM
Package URL: pkg:socket/skills-sh/mgratzer%2Fforge%2Fforge-address-pr-feedback%2F@cd79d0b03ecd7afa01060490e8ef4888e1f4821d