skills/ruvnet/ruview/github-workflow-automation/Snyk

github-workflow-automation

Warn

Audited by Snyk on Mar 4, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and acts on GitHub user-generated content (e.g., "gh pr view ... --json files | npx ruv-swarm actions pr-validate", "gh run view --json ... | npx ruv-swarm actions analyze-failure", and "gh run download " pipelines in SKILL.md), so untrusted third-party repo/PR/log data are parsed and can drive automated comments, issue creation, fixes, or deployments.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The skill repeatedly invokes npx/npm to fetch and execute the ruvnet packages that it depends on (e.g., https://github.com/ruvnet/ruv-swarm and https://github.com/ruvnet/claude-flow), which are fetched at runtime and can execute remote code and control agent behavior.

Audit Metadata

Risk Level

MEDIUM

Analyzed

Mar 4, 2026, 07:39 PM