repurpose-deck-from-reference
Warn
Audited by Snyk on Jun 24, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). RESEARCH phase が
web_fetchで取得した「公式 docs / repo README / changelog」等の外部Web/公開リポジトリ本文(アウトサイダーが執筆した自由記述)をLLMコンテキストに取り込む可能性があるためです。
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly calls web_fetch at runtime to retrieve external docs and raw repo content (e.g., https://raw.githubusercontent.com/github/app/main/README.md and https://docs.github.com/en/copilot/concepts/agents/github-copilot-app), which are injected as primary source material used to generate the deck and thus directly influence agent prompts/outputs.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata