skills/testacode/llm-toolkit/github-actions/Snyk

github-actions

Warn

Audited by Snyk on Apr 30, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.80). The workflow's Phase 0 "Knowledge Update" explicitly requires fetching latest documentation via WebSearch (public web) to determine action versions, Node.js LTS, and best practices, so it ingests untrusted third-party content from the open web that can influence generated workflows.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 30, 2026, 06:14 PM

Issues

1