Skills
skills/doug-skinner/github-cli-claude-skill/github-cli/Snyk

github-cli

Warn

Audited by Snyk on Feb 25, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly runs gh commands that fetch and parse user-generated GitHub content (e.g., "gh issue view ... --json body,comments", "gh pr view ... --json ...", gh release/view/download, and workflow/run commands shown throughout SKILL.md, ISSUES.md, and PR.md), so arbitrary public issue/PR/comments and other repo content could be ingested and materially influence actions like merging, closing, or triggering workflows.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt includes an instruction to write shell completion to /etc/bash_completion.d/gh (a system directory), which would modify system files that require elevated privileges and thus risks changing the machine state.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 25, 2026, 10:53 AM