Skills
skills/jeremylongshore/claude-code-plugins-plus-skills/coderabbit-webhooks-events/Snyk

coderabbit-webhooks-events

Warn

Audited by Snyk on Mar 24, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill receives and parses GitHub webhook payloads (e.g., via the /webhooks/github handler in SKILL.md) for events like pull_request_review, pull_request_review_comment, issue_comment, and check_run which contain user-generated GitHub PR/comment content that the code parses and uses to drive actions (notifications, routing, auto-merge), so untrusted third-party content can influence behavior.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 24, 2026, 05:24 PM
Issues
1