skills/codagent-ai/agent-skills/push-pr/Snyk

push-pr

Warn

Audited by Snyk on May 12, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.70). The skill runs GitHub CLI commands (e.g., gh pr view and gh repo view) to fetch PR metadata and state from GitHub — public, user-generated third-party content — and uses that information to decide whether to create, update, or skip PR actions.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

May 12, 2026, 03:47 AM

Issues

1