docs-kibana-release-notes
Warn
Audited by Snyk on May 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly requires using the GH CLI to fetch GitHub PR context and to read files from the public docs-content repository (e.g., https://github.com/elastic/docs-content and PRs referenced in the tool output), which are untrusted, user-generated web content the agent must read and use to shape release-note wording, creating a clear avenue for indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly requires fetching and ingesting GitHub content at runtime (via the GH CLI) — e.g. https://github.com/elastic/docs-content/tree/main/release-notes/elastic-observability and https://github.com/elastic/docs-content/tree/main/release-notes/elastic-security — and uses that fetched content to directly shape prompts/output, which meets the criteria for a high-confidence external dependency that controls agent behavior.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata