pr-cluster
Warn
Audited by Snyk on Mar 4, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and interprets public, user-generated GitHub content (PR bodies, comments, issues, commits) via gh api calls documented in SKILL.md—e.g., "gh api repos/{owner}/{repo}/pulls/{number}", search/issues queries, and "gh api repos/{owner}/{repo}/issues/{number}/comments"—and uses that content to score, decide, and act (close/merge) on PRs, so untrusted third-party content could inject instructions indirectly.
Audit Metadata