Skills
skills/toss/es-toolkit/issue-label/Snyk

issue-label

Warn

Audited by Snyk on Apr 7, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's Workflow step 1 uses gh issue view {number} --repo toss/es-toolkit --json title,body,labels to fetch GitHub issue title/body (user-generated, public content) and step 2 requires the agent to analyze that content to decide and apply labels, so untrusted third-party issue text can influence tool actions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 7, 2026, 06:19 AM
Issues
1