matthew-a-carr/revise-spec
Revise a SPEC or EPIC PR based on review feedback and push an update. Use when a routine fires on a PR being labelled `ai:revise-now`, or when a user asks to "revise spec PR #NNN" / "revise epic PR #NNN" interactively. Non-interactive — reads every unresolved review comment + inline comment + the current SPEC/EPIC file, rewrites it, pushes to the same branch, and posts a one-line summary comment pointing at the diff.
88
90%
Does it follow best practices?
Impact
81%
1.47xAverage score across 3 eval scenarios
Advisory
Suggest reviewing before use
Security
1 medium severity finding. This skill can be installed but you should review these findings before use.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.95). Outsider-authored free text is ingested via GitHub review/comment bodies fetched at runtime (e.g., `mcp__github__list_pull_request_reviews`, `mcp__github__list_pull_request_comments`, and `mcp__github__list_issue_comments`), and those comment texts are then used to rewrite the SPEC and to generate PR reply/top-level comment content.
- Audited
- Security analysis