review-fix-loop
Self-review a PR, fix all issues, and re-review in a loop until clean. Coordinates code-review, address-pr-comments, and fix-ci-tests skills.
68
61%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Critical
Do not install without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./.claude/skills/review-fix-loop/SKILL.mdSecurity
2 findings — 1 critical severity, 1 medium severity. Installing this skill is not recommended: please review these findings carefully if you do intend to do so.
E006: Malicious code pattern detected in skill scripts
What this means
Detected high-risk code patterns in the skill content — including its prompts, tool definitions, and resources — such as data exfiltration, backdoors, remote code execution, credential theft, system compromise, supply chain attacks, and obfuscation techniques.
Why it was flagged
Malicious code pattern detected (high risk: 0.90). This skill intentionally implements gating logic that ignores external reviewers (only counts unresolved threads from the authenticated user and specific bots), and enforces an autonomous, non-interruptible loop that auto-applies fixes and pushes commits — a deliberate pattern that enables bypassing human review/oversight and automating unsupervised code changes (high abuse/supply-chain risk), though it contains no direct data-exfiltration, obfuscated payloads, or explicit remote-exec primitives.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.90). The skill explicitly reads and acts on user-generated GitHub PR review comments—notably in Sub-step 2B ("address-pr-comments" reads all unresolved review comments and implements fixes) and via the reviewThreads GraphQL queries—so it ingests untrusted third-party content from public PR threads that can influence actions.
- Repository
- DataDog/rshell
- Commit
729dfbb
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.