Back to skill

Security audit

Gitcode Pr Comment Workflow

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent for GitCode PR review work, but it uses sensitive GitCode tokens in URL-based API calls while also allowing persistent PR changes and comments.

Install only if you are comfortable giving the agent GitCode PR write authority. Confirm every push and PR comment carefully, and avoid exposing GitCode tokens in URLs, logs, shell history, screenshots, or shared transcripts; prefer authenticated CLI commands or safer header-based token handling where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The workflow explicitly instructs reading the GitCode token from local CLI config and then placing it into API URLs. Tokens in query strings are commonly exposed via shell history, process listings, logs, proxies, and error reporting, so this creates a real credential leakage risk beyond the intended API call.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The example tells the agent to call the GitCode API with access_token in the URL but gives no privacy warning. Even if functionally valid, query-string secrets are prone to inadvertent disclosure in logs, terminal scrollback, browser/proxy history, and telemetry.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.