github
Warn
Audited by Snyk on Mar 10, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). SKILL.md explicitly instructs the agent to fetch PRs, issues, and other content from GitHub using commands like "gh pr view", "gh issue list", and "gh api" (public, user-generated content), and those fetched bodies/metadata are used to drive review, triage, commenting, and merge actions—so untrusted third-party content can materially influence behavior.
Audit Metadata