Back to skill

Security audit

Fetch Pr Feedback

Security checks across malware telemetry and agentic risk

Overview

This skill transparently fetches GitHub PR review comments and hands them to a feedback-processing workflow, with no hidden installer, persistence, or unrelated data access found.

Install only if you are comfortable letting the agent read PR comments through your GitHub CLI session and use those comments as feedback. Review the formatted feedback and any proposed code changes before accepting them, especially when comments come from bots or external contributors.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.