in-depth-review
Facilitates multi-agent code reviews for thorough analysis of branches or PRs, enhancing code quality through diverse perspectives.
Security score
The in-depth-review skill was audited on Jun 10, 2026 and we found 8 security issues across 2 threat categories, including 6 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 97 | ```bash |
Template literal with variable interpolation in command context
| 107 | - **Path A (reviewer mode, PR-arg):** ideal `context_ref = origin/${base}` (whatever the PR's base branch is, usually `main`). The worktree filesystem must **only** be used as `context_ref` when `HEAD |
Template literal with variable interpolation in command context
| 108 | - **Path B (author mode, current-branch):** `context_ref = origin/${base}`. The user's local feature-branch files are the _diff_, not the _pre-PR context_; pre-PR convention/neighbor reads must come f |
Template literal with variable interpolation in command context
| 113 | 2. `HEAD` differs from `origin/${base}` (Path A only — Path B expects HEAD on a feature branch). |
Template literal with variable interpolation in command context
| 115 | 4. `HEAD` is behind `origin/${base}` (any non-zero "behind" count). |
Template literal with variable interpolation in command context
| 116 | 5. `HEAD` is more than a small number of commits ahead of `origin/${base}` on Path A (ahead implies the user is mid-work on a branch that isn't the PR; their worktree is not a clean main). |
Template literal with variable interpolation in command context
| 137 | - Read repo context via `git show "${context_ref}:<path>"` (for whole files) and `git grep -n <pattern> "${context_ref}" -- <paths>` (for searches). |
Access to .env file
| 255 | - ENV access via the project's Configuration abstraction, not direct `process.env`. |