Security Audit
code-review-ai-ai-review
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
code-review-ai-ai-review received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Skill vulnerable to Prompt Injection via unsanitized inputs to downstream LLMs, Command Injection vulnerability in `sonar-scanner` call, Unpinned Python dependency in example script.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Description | Remediation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Command Injection vulnerability in `sonar-scanner` call | The `run_static_analysis` method in the `CodeReviewOrchestrator` class constructs a shell command for `sonar-scanner` by directly interpolating `self.repo` into the command string: `f'-Dsonar.projectKey={self.repo}'`. If `self.repo` is derived from untrusted user input (e.g., a user-provided repository name), an attacker could inject arbitrary shell commands (e.g., `myrepo; rm -rf /`) which would be executed with the privileges of the skill, leading to remote code execution within the environment where the skill operates. | Avoid direct string interpolation for shell commands. Instead, pass arguments as separate list elements to `subprocess.run` (e.g., `['sonar-scanner', '-Dsonar.projectKey=' + self.repo]`) or use a dedicated library for safe command execution. If string interpolation is unavoidable, strictly validate and sanitize `self.repo` to ensure it contains only safe characters and does not include shell metacharacters. | LLM | SKILL.md:234 |
| HIGH | Skill vulnerable to Prompt Injection via unsanitized inputs to downstream LLMs | The skill's described mechanism for interacting with other LLMs (e.g., Claude 4.5 Sonnet, GPT-5) involves directly embedding potentially untrusted variables such as `pr_description`, `code_diff`, `code_snippet`, `diff`, and `static_results` into the LLM prompts. If these variables contain untrusted user input or data from external systems, a malicious actor could inject instructions to manipulate the behavior of the downstream LLM, potentially leading to unauthorized actions, data exfiltration, or generation of harmful content. This vulnerability is present in the `review_prompt`, `security_analysis_prompt`, and the `ai_review` method. | Implement robust input sanitization and escaping for all variables embedded into LLM prompts. Consider using structured prompt formats (e.g., JSON, XML) with strict schema validation, or dedicated LLM input sanitization libraries, to prevent prompt injection. Ensure that all data passed to LLMs is treated as untrusted and validated. | LLM | SKILL.md:60 |
| MEDIUM | Unpinned Python dependency in example script | The Python example script imports the `anthropic` library without specifying a version constraint. This means that when the script is deployed, it will fetch the latest available version of `anthropic`. This lack of dependency pinning can lead to non-deterministic builds, unexpected behavior due to breaking changes in new versions, or the introduction of vulnerabilities if a future version of the library contains malicious code or security flaws. | For production deployments, always pin dependencies to specific versions (e.g., `anthropic==0.20.0`) in a `requirements.txt` or `pyproject.toml` file. Use a dependency management tool (e.g., pip-tools, poetry) to manage and lock dependencies. Regularly review and update dependencies to incorporate security patches. | LLM | SKILL.md:219 |
Powered by SkillShield