skills/boshu2/agentops/pr-implement/Snyk

pr-implement

Warn

Audited by Snyk on May 16, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The skill explicitly queries and interprets user-generated GitHub content (e.g., Phase -1 "Prior Work Check" uses gh pr list and gh issue view and accepts a repo URL or plan artifact), so untrusted third-party PRs/issues could materially influence decisions and next actions.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

May 16, 2026, 12:18 PM

Issues

1

Security Audit — snyk — pr-implement