Skills
skills/laurigates/claude-plugins/git-commit-workflow/Snyk

git-commit-workflow

Warn

Audited by Snyk on Apr 29, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's commit-context.sh (used by SKILL.md via the "--with-issues" option) explicitly runs gh issue list to fetch open GitHub issues (public, user-generated content) and instructs using that output to compose/auto-link commit messages, so untrusted third-party text is ingested and can influence commit actions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 29, 2026, 09:36 PM
Issues
1