github
Warn
Audited by Snyk on Feb 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). This skill instructs the agent to fetch and display user-generated content from public GitHub (e.g., via "gh issue view", "gh pr view", "gh search", and "gh api" calls that read issues, PRs, comments, code, and artifacts), which are untrusted third‑party sources and could carry indirect prompt injections.
Audit Metadata