code-review
Warn
Audited by Snyk on Mar 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). SKILL.md's "GitHub PR Reviews" section explicitly instructs using commands like "gh pr diff" and "gh pr view" to fetch PR diffs/files from GitHub (public, user-generated content) which the agent would read and use to drive code-review decisions, allowing untrusted content to influence actions.
Audit Metadata