github
Warn
Audited by Snyk on Mar 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs using gh to view and query live GitHub content (e.g., gh issue view, gh pr view, gh run view --log, gh api repos/owner/repo/issues), which fetches untrusted, user-generated third-party data from public GitHub repos that the agent is expected to read and can influence actions like commenting, merging, or rerunning workflows.
Audit Metadata