when-reviewing-github-pr-use-github-code-review

Warn

Audited by Snyk on Jun 26, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). The skill fetches PR context (including changed files/diffs and existing comments) via bash scripts/github-api.sh fetch-pr ..., and that PR content is outsider-authored (e.g., external contributor commits) which is then loaded into agent-accessible memory (pr-context.json / github/pr-review/context) and used in subsequent Task prompts—creating an indirect prompt-injection path from PR text into the LLM context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill repeatedly runs "npx claude-flow@alpha" at runtime (e.g., "npx claude-flow@alpha swarm init" and other npx/claude-flow commands), which fetches and executes remote npm package code that orchestrates agents and therefore can directly control prompts and runtime behavior.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 26, 2026, 03:21 AM
Issues
2
Security Audit — snyk — when-reviewing-github-pr-use-github-code-review