reporting-sensitive-encrypted-gh-issues
Warn
Audited by Snyk on Jun 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The skill is gh-issue-decrypt, which at runtime scans and decrypts GitHub issues/comments from a specified OWNER/REPO via the GitHub API/CLI; those issue body texts are outsider-authored free-form content that the tool reads and then feeds into its LLM context for processing.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill instructs users to run a runtime installation command that fetches and pipes remote code to bash from https://raw.githubusercontent.com/Dicklesworthstone/misc_coding_agent_tips_and_scripts/main/gh-issue-decrypt?$(date +%s), which executes remote code as a required install step.