matthew-a-carr/review-implementation
Repo-aware review of an implementation PR (the `ai:done` PR) against the SPEC it implements, the constitution, the ADRs, and the doc-staleness rules. Use when a routine fires on a PR labelled `ai:done`, when a human says "review impl PR #NNN" / "review the implementation for SPEC-NNN", or as a self-review step inside `implement-spec` before the PR is opened. Read-only — produces a structured report and never edits code or merges.
85
90%
Does it follow best practices?
Impact
69%
1.06xAverage score across 3 eval scenarios
Advisory
Suggest reviewing before use
Security
1 medium severity finding. This skill can be installed but you should review these findings before use.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.85). Routine/interactive/self-review modes ingest outsider-authored free text from GitHub PR content (e.g., PR body, changed files/diffs, and review-relevant issue/PR text) via `mcp__github__pull_request_read` / `mcp__github__*` at runtime, which is untrusted prose that can contain indirect prompt-injection payloads.
- Audited
- Security analysis