github-code-review
Facilitates comprehensive GitHub code reviews using AI-powered swarm coordination for enhanced code quality and security.
Security score
The github-code-review skill was audited on Jun 7, 2026 and we found 12 security issues across 2 threat categories, including 2 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
Direct command execution function call
| 402 | execSync(`npx ruv-swarm github pr-init ${event.pull_request.number}`); |
Direct command execution function call
| 407 | execSync(`npx ruv-swarm github handle-comment --pr ${event.issue.number} --command "${command}"`); |
Template literal with variable interpolation in command context
| 402 | execSync(`npx ruv-swarm github pr-init ${event.pull_request.number}`); |
Template literal with variable interpolation in command context
| 407 | execSync(`npx ruv-swarm github handle-comment --pr ${event.issue.number} --command "${command}"`); |
Template literal with variable interpolation in command context
| 494 | ```yaml |
Template literal with variable interpolation in command context
| 775 | ```yaml |
Node child_process module reference
| 395 | const { execSync } = require('child_process'); |
Webhook reference - potential data exfiltration
| 91 | - [Webhook Handlers](#webhook-handlers) |
Webhook reference - potential data exfiltration
| 390 | <summary><strong>Webhook Handler for Comment Commands</strong></summary> |
Webhook reference - potential data exfiltration
| 393 | // webhook-handler.js |
Webhook reference - potential data exfiltration
| 398 | if (req.url === '/github-webhook') { |
Webhook reference - potential data exfiltration
| 945 | - [ ] Webhook signatures verified |