refactor
Fail
Audited by Snyk on Jun 21, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The skill contains multiple intentional high-risk patterns: it sends full PR diffs and repo metadata to spawned subagents (data exfiltration risk), spawns general-purpose subagents with explicit "bypassPermissions" (privilege bypass / backdoor), and performs automated repository edits/commits/pushes (unauthorized code modification / supply-chain risk), any of which enable deliberate malicious behavior or stealthy backdoor injection.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). Outsider-authored free text is the PR’s
bodyand especially the PR diff content (gh pr view ... bodyandgh pr diff), which is written by external contributors and is injected into reviewer-agent prompts as{FULL_DIFF}/{PR_TITLE}at runtime.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt explicitly instructs spawned subagents to run with "mode": "bypassPermissions" (i.e., bypass security controls) and directs automated edits, commits, and tool actions that modify the agent/host state, which is a high-risk instruction to circumvent permissions.
Issues (3)
E006
CRITICALMalicious code pattern detected in skill scripts.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata