docs-pr-check
Warn
Audited by Snyk on Jun 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The skill’s required runtime workflow uses
gh pr view ... --json title,body,files,labelsto ingest the PR body text (and potentially file paths/content metadata) from thegrafana/temporepo; PR authors are typically outsiders relative to the operating user, so this is outsider-authored free text entering the agent context via the GitHub PR body.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata