skills/aradotso/ai-agent-skills/prps-agentic-engineering/Snyk

prps-agentic-engineering

Warn

Audited by Snyk on May 17, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The skill's /prp-issue-investigate workflow explicitly "Auto-fetched from GitHub" (SKILL.md) and the agent reads and acts on that user-generated GitHub issue content to produce investigations, plans, and fixes (e.g., /prp-issue-fix and autonomous Ralph loops), so untrusted third-party input from GitHub can materially influence agent actions.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

May 17, 2026, 09:25 PM

Issues

1

Security Audit — snyk — prps-agentic-engineering