feat(ci): Add security vulnerability skill action#19355
feat(ci): Add security vulnerability skill action#19355nicohrubec wants to merge 5 commits intodevelopfrom
Conversation
Codecov Results 📊Generated by Codecov Action |
Codecov Results 📊✅ 23 passed | ⏭️ 7 skipped | Total: 30 | Pass Rate: 76.67% | Execution Time: 12.25s 📊 Comparison with Base Branch
✨ No test changes detected All tests are passing successfully. Generated by Codecov Action |
size-limit report 📦
|
node-overhead report 🧳Note: This is a synthetic benchmark with a minimal express app and does not necessarily reflect the real-world performance impact in an application.
|
| IMPORTANT: Do NOT dismiss any alerts. Do NOT wait for approval. | ||
| Create a branch, apply the fix, and open a PR with your analysis | ||
| in the PR description. Target the develop branch. |
There was a problem hiding this comment.
Just wondering what we should do in case the alert should be dismissed. Create an issue that informs us?
There was a problem hiding this comment.
Yeah right now it would create a PR with an explanation why the alert should be dismissed, an issue is probably more appropriate in that case
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
| with: | ||
| anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} | ||
| prompt: | | ||
| /fix-security-vulnerability ${{ github.event.alert.number || github.event.inputs.alert }} |
There was a problem hiding this comment.
Unsanitized input interpolated directly into AI prompt
Medium Severity
The workflow_dispatch input github.event.inputs.alert is directly interpolated into the Claude AI agent's prompt via ${{ }} expression without any validation or sanitization. Since the input accepts any free-form string (no type constraint), a user triggering this workflow via the API could inject arbitrary multi-line instructions into the prompt. The agent operates with contents: write and pull-requests: write permissions, so a successful prompt injection could cause it to create PRs with unintended code changes that appear to be legitimate automated security fixes. This rule was flagged because it was mentioned in the rules file under Security Vulnerabilities.
Additional Locations (1)
Triggered by project rule: PR Review Guidelines for Cursor Bot
2 participants
Closes #19368 (added automatically)