skills/sunny0826/open-source-skills/issue-triage/Snyk

issue-triage

Warn

Audited by Snyk on Apr 3, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 1.00). This skill's SKILL.md explicitly requires fetching GitHub issue content (e.g., via curl to https://api.github.com/repos/owner/repo/issues/123), which ingests untrusted, user-generated third-party content (issue bodies/comments) that the agent must read and use to drive triage decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires fetching GitHub issue content at runtime (e.g., https://github.com/owner/repo/issues/123 or via the API https://api.github.com/repos/owner/repo/issues/123), which injects untrusted external text into the model context and therefore can directly control prompts—this is a required runtime dependency.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 3, 2026, 08:36 AM

Issues

2