skills/sethgammon/citadel/merge-review/Snyk

merge-review

Fail

Audited by Snyk on May 5, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

Potential prompt injection detected (high risk: 1.00). The prompt claims to be read-only review but then instructs updating the queue and forcibly removing worktrees/branches (destructive state changes) without confirmation, a deceptive contradiction outside the skill's stated purpose.

Issues (1)

E004

CRITICAL

Prompt injection detected in skill instructions.

Audit Metadata

Risk Level

CRITICAL

Analyzed

May 5, 2026, 10:49 AM

Issues

1