github-pr-workflow
Warn
Audited by Socket on May 16, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS. The overall workflow matches the stated GitHub PR purpose and uses official GitHub endpoints, so there is no strong malware or exfiltration signal. However, the fallback auth method disproportionately reads plaintext credentials from local files, and the skill enables autonomous commit/push/merge actions with real repository impact, making it medium risk.
Confidence: 91%Severity: 56%
Audit Metadata