Skills
skills/jabrena/cursor-rules-java/021-tooling-github/Snyk

021-tooling-github

Warn

Audited by Snyk on Apr 6, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches GitHub issue bodies and comment threads from third-party repositories via the GitHub CLI / gh api (see Step 4 and "Full thread" / "Retrieve issue body and all comments" in references/021-tooling-github.md) and uses that user-generated content as primary source material to drive analysis and generate user stories, so untrusted external content can directly influence the agent's decisions and actions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 6, 2026, 05:55 AM
Issues
1