Skills
skills/yonatangross/skillforge-claude-plugin/code-review-playbook/Snyk

code-review-playbook

Warn

Audited by Snyk on Mar 26, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's review workflow and scripts (e.g., scripts/review-pr.md, scripts/fetch-pr-data.sh and run-pr-checks.py referenced in SKILL.md) explicitly auto-fetch PR diffs, descriptions, and comments from GitHub via the gh CLI, meaning the agent ingests untrusted, user-generated third‑party content that can directly influence review actions and decisions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 26, 2026, 10:45 AM
Issues
1