skills/flutter/skills/code-review/Snyk

code-review

Warn

Audited by Snyk on May 15, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The skill's workflow (SKILL.md Step 1: "For GitHub Pull Requests" — use gh pr view to read the title and description and gh pr diff to get code changes) requires the agent to fetch and interpret user-generated GitHub PR content, which is untrusted third-party data that can influence review decisions and actions.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

May 15, 2026, 02:46 AM

Issues

1

Security Audit — snyk — code-review