pr-monitoring-loop
Warn
Audited by Snyk on Jun 24, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.95). The required runtime path is
scripts/check-pr-state.py→fetch_all()→issue_comments()/review_comments()/review_threads()which pulls outsider-authored PR comment/review/thread body text from GitHub and includes it in the LLM-visible focused JSON (format_focused()includescomments.*.bodyandthreadDetails.*.comments[].body).
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata