Skills
skills/b-mendoza/agent-skills/orchestrating-github-workflow/Snyk

orchestrating-github-workflow

Warn

Audited by Snyk on May 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The orchestrator explicitly fetches and consumes GitHub issue content from arbitrary ISSUE_URLs using the Phase 1 fetching-github-issue flow (via gh to produce docs/<ISSUE_SLUG>.md) and also uses issue-status-checker outputs and those artifacts to drive planning, gating, and downstream actions, so untrusted user-generated content on GitHub can materially influence decisions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.70). The orchestrator explicitly accepts and fetches an ISSUE_URL at runtime (e.g., https://github.com/acme/app/issues/42) and writes the issue body into docs/<ISSUE_SLUG>.md that downstream skills consume, so external GitHub issue content can directly control the agent's prompts and workflow decisions.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 16, 2026, 01:29 AM
Issues
2