refactor

Fail

Audited by Snyk on Jun 21, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The skill contains multiple intentional high-risk patterns: it sends full PR diffs and repo metadata to spawned subagents (data exfiltration risk), spawns general-purpose subagents with explicit "bypassPermissions" (privilege bypass / backdoor), and performs automated repository edits/commits/pushes (unauthorized code modification / supply-chain risk), any of which enable deliberate malicious behavior or stealthy backdoor injection.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). Outsider-authored free text is the PR’s body and especially the PR diff content (gh pr view ... body and gh pr diff), which is written by external contributors and is injected into reviewer-agent prompts as {FULL_DIFF}/{PR_TITLE} at runtime.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt explicitly instructs spawned subagents to run with "mode": "bypassPermissions" (i.e., bypass security controls) and directs automated edits, commits, and tool actions that modify the agent/host state, which is a high-risk instruction to circumvent permissions.

Issues (3)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 21, 2026, 12:57 AM
Issues
3
Security Audit — snyk — refactor