Skills
skills/rtk-ai/rtk/rtk-triage/Snyk

rtk-triage

Warn

Audited by Snyk on Apr 2, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill explicitly ingests user-generated GitHub content (e.g., via "gh issue list --json ... body", "gh pr list --json ... body", and "gh api repos/{owner}/{repo}/collaborators" in Phase 1) and then parses issue/PR bodies in Phase 2–3 to drive triage decisions and recommended actions, so untrusted third‑party content can materially influence tool behavior.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 2, 2026, 05:34 PM
Issues
1