Skills
skills/conorkenn/openclaw-github-skill/github/Snyk

github

Warn

Audited by Snyk on Mar 9, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill's code and docs show it fetches user-generated content from the public GitHub API (e.g., src/api.ts calls https://api.github.com/users/... /repos, /commits, /actions/runs) and returns commit messages, repo descriptions, and workflow data for the assistant to read and act on (SKILL.md/README usage), so untrusted third-party content can influence subsequent decisions or tool calls.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 9, 2026, 03:56 PM