ai-create-pr
Warn
Audited by Snyk on Jul 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). The required workflow reads the current branch diff via
git diff main...HEAD/git log main..HEAD --oneline, and that diff content is outsider-authored (i.e., from other contributors’ PR/branch text) and becomes LLM-readable prose in the agent context.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata