worklog
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill directly fetches and ingests user-generated content from GitHub (see scripts/github.sh which runs
gh search prs/gh search issuesto collect PRs and issues) and then reads and integrates those results into the generated worklog, exposing the agent to untrusted third‑party content that could carry indirect prompt injection.
Audit Metadata