octocode-pull-request-reviewer
Warn
Audited by Snyk on Apr 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's PR Mode explicitly fetches and processes public GitHub content (e.g., githubSearchPullRequests, githubGetFileContent, githubSearchCode called in the Dependency Check, Phase 2 Context, and Flow Analysis sections) — untrusted, user-generated third-party PR metadata, diffs, files, and comments are read and used to drive analysis and decisions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill requires fetching repository files at runtime via GitHub (e.g., using githubGetFileContent for links like https://github.com/bgauryy/octocode-mcp/blob/main/packages/octocode-mcp/docs/LOCAL_TOOLS_REFERENCE.md), and those fetched guideline/context files are injected into the agent's review guidance (directly controlling prompts/behavior), so this is a runtime external dependency that can control agent instructions.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata