org-ci-health
Warn
Audited by Snyk on Mar 8, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill requires running a helper script (~/.claude/scripts/org-ci-health.sh) that fetches CI/workflow data from an org (GitHub repos) into a JSON output which the agent parses and uses to decide fixes and create PRs (Phases 1–5 in SKILL.md), so untrusted, user-generated workflow content can materially influence the agent's actions.
Audit Metadata