simple-review
Facilitates quick, single-pass code reviews for PRs or branches, enhancing code quality and collaboration efficiency.
Security score
The simple-review skill was audited on Jun 10, 2026. The audit reported 10 security issues across 2 threat categories, 8 of them rated high severity: nine matches of the pattern "template literal with variable interpolation in command context" and one match for access to a `.env` file. Each finding below gives the line in the skill file and the text that matched. Review them before installing.
Security Issues
| Finding | Line | Matched text |
| --- | --- | --- |
| Template literal with variable interpolation in command context | 53 | ```bash |
| Template literal with variable interpolation in command context | 63 | - **Path A (reviewer):** `context_ref = origin/${base}` (usually `main`). Worktree may be used only when `HEAD == origin/${base}` AND clean AND fetch succeeded. |
| Template literal with variable interpolation in command context | 64 | - **Path B (author):** `context_ref = origin/${base}`. The local feature branch IS the diff; pre-PR context comes from `origin/${base}`. |
| Template literal with variable interpolation in command context | 69 | 2. `HEAD` differs from `origin/${base}` on Path A. |
| Template literal with variable interpolation in command context | 71 | 4. `HEAD` is behind `origin/${base}` (any non-zero "behind"). |
| Template literal with variable interpolation in command context | 72 | 5. `HEAD` is more than a small number of commits ahead of `origin/${base}` on Path A. |
| Template literal with variable interpolation in command context | 99 | - Read via `git show "${context_ref}:<path>"` (whole files) or `git grep -n <pattern> "${context_ref}" -- <paths>` (search). |
| Template literal with variable interpolation in command context | 183 | - `git show ${context_ref}:AGENTS.md` and `CLAUDE.md` (if present) |
| Template literal with variable interpolation in command context | 184 | - `git ls-tree -r --name-only ${context_ref} -- .rules` then read each rule file relevant to the diff |
| Access to .env file | 201 | - ENV access via Configuration abstraction, not direct `process.env`. |

Two notes on reading these matches. The finding at line 53 matched only a `bash` code-fence opener; the interpolation it refers to is inside the fenced block that follows, not on that line. The `.env` finding at line 201 matched the word "ENV" in a review rule that tells the reviewer to prefer a configuration abstraction over direct `process.env` reads; it does not show the skill itself reading a `.env` file.
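The nine interpolation findings all point at one construct: the skill instructs the agent to run `git show`, `git grep` and `git ls-tree` with a branch name spliced into the ref (`origin/${base}`, later reused as `${context_ref}`). Whether that matters depends on where `base` comes from. If it is taken from the PR's base-branch field, a value that starts with `-` or contains `..` lands on the git command line as an option or a revision expression. The shell functions below are an added example, not code from the simple-review skill, showing one way to validate the branch name before interpolating it and to build the `git show` argv with `--end-of-options` (git 2.24 or later) so the ref cannot be parsed as a flag. The function names, the character set, and the assumption that `base` is attacker-influenced are mine.

```shell
#!/usr/bin/env bash
# Added example, not part of the simple-review skill.
# Assumption: `base` (the PR base branch) may be chosen by an untrusted
# party, so it is validated before being spliced into a git command.

# Return 0 if `base` is a conservative branch name, 1 otherwise.
# Rejects: empty names; names starting with '-' (parsed as an option);
# '..' (revision-range syntax); leading, trailing or doubled '/';
# '.lock' suffixes and dot-leading components (check-ref-format rules);
# and any character outside [A-Za-z0-9._/-], which covers ';', ' ',
# '$', '@{', '~', '^' and ':' in one rule.
validate_base() {
  local base="$1"
  case "$base" in
    ''|-*|*..*|/*|*/|*//*|*.lock|.*|*/.*) return 1 ;;
  esac
  case "$base" in
    *[!A-Za-z0-9._/-]*) return 1 ;;
  esac
  return 0
}

# Print, one per line, the argv for reading <path> from origin/<base>.
# --end-of-options (git >= 2.24) marks everything after it as a
# non-option, so even a ref that slipped past validation cannot become
# a flag. The caller executes the words as an array, never via `eval`
# or a second shell, so no re-parsing of `base` happens.
build_show_argv() {
  local base="$1" path="$2"
  validate_base "$base" || return 1
  printf '%s\n' git show --end-of-options "origin/${base}:${path}"
}

# Usage (needs a checkout with an origin remote; not exercised by the tests):
#   mapfile -t argv < <(build_show_argv "$base" AGENTS.md) && "${argv[@]}"
```

The same two steps apply to the `git grep` and `git ls-tree` forms the skill uses: validate the ref once, then pass it as its own argv word with `--` separating paths, rather than rebuilding the command string each time.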